GUIDELINE NO 3 GUIDELINES FOR THE CERTIFICATION AUDIT OF ... · set-up of the PA may be identical...

Commission européenne/Europese Commissie, 1049 Bruxelles/Brussel, BELGIQUE/BELGIË - Tel. +32 22991111 Functional mailbox: [email protected]

EUROPEAN COMMISSION DIRECTORATE-GENERAL FOR AGRICULTURE AND RURAL DEVELOPMENT Directorate H. Assurance and audit H.5. Assurance and financial audit

Brussels, 20.10.2017

GUIDELINE NO 3

GUIDELINES FOR THE CERTIFICATION AUDIT OF THE

EAGF/EAFRD ACCOUNTS – FY2018

REPORTING REQUIREMENTS AND OPINIONS ISSUED BY THE CERTIFICATION

BODY

Ref. Ares(2017)5016443 - 13/10/2017

2

Purpose

This Guideline addresses the requirements of Articles 9 and 51 of Regulation (EU) No 1306/2013

of the European Parliament and of the Council and Articles 5 to 7 and 29 to 33 of Commission

Implementing Regulation (EU) No 908/2014.

It serves two main purposes:

1. It is intended to assist Certification Bodies (CBs) in the preparation of their report on the audit

work carried out in relation to the completeness, accuracy and veracity of the annual accounts

of the Paying Agency (PA), on the proper functioning of its internal control system and on the

legality and regularity of the expenditure for which reimbursement has been requested from the

Commission. This Guideline serves as a template to follow for the certification reports.

2. It is intended to provide practical guidance to meet the requirements of Article 9(1) of

Regulation (EU) No 1306/2013 and Article 5.3 of Commission Implementing Regulation (EU)

No 908/2014 concerning the opinion to be provided by the CB on the annual accounts and the

Management Declaration provided by the Director of each PA pursuant to Article 102 of

Regulation (EU) No 1306/2013.

It will be reviewed on a periodic basis.

Structure

The Guideline is split into four sections. The first two deal with the reporting requirements for the

EAGF (A) and EAFRD (B) respectively. The third section (C) provides the list of annexes to be

provided together with their required structure. The fourth section (D) deals with the opinion, which

according to Article 9(1) of Regulation (EU) 1306/2013 has to cover the annual accounts, the

internal control system, the legality and regularity of expenditure, as well as the Management

Declaration.

The following points are underlined:

The CBs are requested not to combine reporting on both Funds under the same Chapters, (i.e.,

Chapters should not be split into two parts, one for the EAGF and another for the EAFRD).

However, if an assessment is wholly or partly applicable to both funds (e.g. the organisational

set-up of the PA may be identical for EAGF and EAFRD), the relevant chapter under the

EAFRD should refer to the description and assessment made under the relevant EAGF chapter.

The standard information that should be included in the certification report is indicated in

normal text. The text for the specific requirements and the guidance to the CBs are presented in

square brackets ("[ ]") and italics. CBs should present the detailed description and assessment of

the systems of the PA as required by the orientations in this Guideline.

If the PA made a correction in its annual declaration on the basis of the financial errors detected

by the CB (e.g. a voluntary repayment of the Most Likely Error calculated by the CB), this

adjustment should be clearly indicated in the certification report. The CB should also confirm

whether the adjustment fully covers the financial risk identified by the CB.

Concerning the Opinion, although a separate opinion per Fund is preferable, the CB may decide

to issue one opinion covering both Funds. However, in that case, the conclusions should be

presented in such a way that the two opinions are clearly distinguishable and that a separate

opinion on the Management Declaration is provided, in accordance with Article 9(1) of

Regulation 1306/2013.

3

Article 5(3) of Commission Implementing Regulation (EU) No 908/2014 requires that the work

carried out by the CB is in accordance with Articles 6 (Audit Principles) and 7( Audit Methods)

of the same Regulation.

In case the PA developed action plan(s) to address serious weaknesses in its internal control

system, found by EU or ECA audits, referred to in the Annual Activity Report linked to DG

AGRI's statement of assurance, the CB is expected to report on the state of implementation of

these action plan(s), the monitoring mechanisms in place, and the progress made against the

outstanding actions.

4

TABLE OF CONTENTS

SECTION A - EAGF......................................................................................................... 13

1. EXECUTIVE SUMMARY ....................................................................................... 14

1.1. Introduction ..................................................................................................... 14

1.2. Conclusions at fund level per objective ........................................................... 14

1.3. Overall assessment of the internal control system and compliance with

the accreditation criteria .................................................................................. 16

1.3.1. Standard ............................................................................................. 16

1.3.2. Detailed Assessment .......................................................................... 16

1.3.3. Overall assessment of the Internal Control System ........................... 18

2. AUDIT STRATEGY OF THE CERTIFICATION BODY ...................................... 19

2.1. Audit risks and Control Risks assessment per population and/or

scheme/measure ............................................................................................... 19

2.2. Summary of Audit Strategy and Audit Plan for EAGF ................................... 19

2.3. Resources ......................................................................................................... 21

EAGF - PART A - AUDIT OBJECTIVE 1- AUDIT OF THE ANNUAL

ACCOUNTS ............................................................................................................. 22

3. COMPLIANCE WITH ACCREDITATION CRITERIA – REVIEW OF THE

INTERNAL CONTROL SYSTEM .......................................................................... 22

3.1. Understanding the entity/processes ................................................................. 22

3.2. Compliance testing / test of controls - Control Activities ............................... 22

3.3. Evaluation per accreditation criterion ............................................................. 23

3.3.1. Control activities: Procedures for payment ....................................... 23

3.3.2. Control activities: Procedures for accounting ................................... 23

3.3.3. Control activities: Procedures for advances and securities ............... 23

3.3.4. Control activities: Procedures for debts ............................................ 24

3.4. Other accreditation components ...................................................................... 24

3.4.1. Internal environment: Organisational structure ................................. 24

3.4.2. Internal environment: Human-resource standard .............................. 25

3.4.3. Internal environment: Delegation ...................................................... 25

3.4.4. Information and communication: Communication ........................... 25

3.4.5. Information and communication: Information Systems Security ..... 26

3.4.6. Monitoring: Ongoing monitoring via internal control activities ....... 29

3.4.7. Monitoring: Separate evaluations via an internal audit service ......... 29

3.4.8. Accreditation Status ........................................................................... 29

4. SUBSTANTIVE TESTING OF OPERATIONAL AND NON-

OPERATIONAL TRANSACTIONS ........................................................................ 30

4.1. Introduction ..................................................................................................... 30

4.2. Test results in respect of the EAGF – error rate .............................................. 30

4.2.1. Overview ........................................................................................... 30

4.2.2. Work Done ........................................................................................ 30

4.2.3. Assessment and Findings .................................................................. 30

5

4.2.4. Recommendations ............................................................................. 31

4.3. Overall test result of EAGF population ........................................................... 31

4.4. Test results of non-operational transactions. ................................................... 31

4.4.1. Test results of tables of Annex II - irregularities ............................... 31

4.4.2. Test results on Tables of Annex III ................................................... 32

4.4.3. Test results in respect of advances and securities ............................. 32

5. RECONCILIATION OF MONTHLY AND ANNUAL DECLARATIONS ........... 33

5.1. Reconciliation of monthly and annual declarations of EAGF expenditure ..... 33

5.1.1. Standard ............................................................................................. 33

5.1.2. Work done ......................................................................................... 33

5.1.3. Findings ............................................................................................. 33

5.1.4. Assessment ........................................................................................ 34


5.2. Reconciliation of annual declaration and X-table data of EAGF accounts ..... 35

5.2.1. Standard ............................................................................................. 35

5.2.2. Work done ......................................................................................... 35

5.2.3. Findings ............................................................................................. 35

5.2.4. Assessment ........................................................................................ 35


5.3. Reconciliation of the information required by Annex II and Annex III of

Commission Implementing Regulation (EU) No 908/2014 to the debtors'

ledger - EAGF ................................................................................................. 35

5.3.1. Standard ............................................................................................. 35

5.3.2. Work done ......................................................................................... 35

5.3.3. Findings ............................................................................................. 35

5.3.4. Assessment ........................................................................................ 37


5.4. Reconciliation of annual Table 104 to the Annex II and Annex III of

Commission Implementing Regulation (EU) No 908/2014 ............................ 37

5.4.1. Standard ............................................................................................. 37

5.4.2. Work done ......................................................................................... 38

5.4.3. Findings ............................................................................................. 38

5.4.4. Assessment ........................................................................................ 39


5.5. Confirmation of advances ................................................................................ 39

5.5.1. Objective ............................................................................................ 39

5.5.2. Work done ......................................................................................... 39

5.5.3. Findings ............................................................................................. 39

5.5.4. Assessment ........................................................................................ 39


5.6. Review of Financial Ceilings .......................................................................... 40

5.6.1. Work to be done ................................................................................ 40

5.6.2. Conclusion ......................................................................................... 40

6


6. OVERALL ERROR EVALUATION ....................................................................... 40

6.1. Detailed Error Evaluation ................................................................................ 40

6.1.1. Error evaluation for the operational expenditure ............................... 40

6.1.2. Error evaluation for non-operational expenditure: debts,

advances and securities ...................................................................... 41

7. OVERALL CONCLUSIONS ................................................................................... 42

7.1. Nature of Findings ........................................................................................... 42

7.2. Major Findings ................................................................................................ 43

7.3. Intermediate Findings ...................................................................................... 43

EAGF - PART B - AUDIT OBJECTIVE 2- LEGALITY AND REGULARITY OF

EXPENDITURE ....................................................................................................... 44

8. REVIEW OF THE INTERNAL CONTROL SYSTEM ........................................... 44

8.1. Understanding the entity / processes ............................................................... 45

8.2. EAGF IACS - Compliance testing / Test of controls - Control Activities ...... 45

8.2.1. Control activities: Authorisation of payments – Key controls .......... 45

8.2.2. Control activities: Authorisation of payments – Ancillary

controls .............................................................................................. 45

8.3. EAGF Non-IACS - Compliance testing / Test of controls - Control

Activities .......................................................................................................... 46

8.3.1. Control activities: Authorisation of payments – Key Controls ......... 46


Controls ............................................................................................. 46

9. SUBSTANTIVE TESTING ...................................................................................... 47

9.1. Test results in respect of the EAGF IACS population .................................... 47

9.1.1. Overview ........................................................................................... 47

9.1.2. Work done ......................................................................................... 47



9.2. Test results in respect of the EAGF Non-IACS population ............................ 48

9.2.1. Overview ........................................................................................... 48

9.2.2. Work done ......................................................................................... 48



10. RECONCILIATION – ANALYTICAL PROCEDURES ........................................ 49

10.1. BPS entitlements ............................................................................................. 49

10.1.1. Objective 49

10.1.2. Work to be done ................................................................................ 49

10.1.3. Conclusion ......................................................................................... 50


7

10.2. Review of IACS statistics – area-related aid schemes to be provided on

15 July "N"(claim year "N-1") as referred to Article 9(1) of Commission

Implementing Regulation (EU) No 809/2014 ................................................. 50


10.2.2. Work to be done ................................................................................ 50

10.2.3. Findings 51

10.2.4. Conclusion ......................................................................................... 51


10.3. Reconciliation of IACS statistics – animal aid schemes to be provided on

15 July "N"(claim year "N-1") as referred to Article 9(1) of Commission

Implementing Regulation (EU) No 809/2014 ................................................. 51


10.3.2. Work to be done ................................................................................ 51

10.3.3. Findings 52

10.3.4. Conclusion ......................................................................................... 52


10.4. Review of the management declaration data ................................................... 52


10.4.2. Work to be done ................................................................................ 52

10.4.3. Findings 52

10.4.4. Conclusion ......................................................................................... 53


10.5. Review of Non-IACS statistics including statistics related to scrutiny of

transactions ...................................................................................................... 53


10.5.2. Work to be done ................................................................................ 53

10.5.3. Findings 56

10.5.4. Conclusion ......................................................................................... 56


10.6. Action Plans / DG AGRI's recommendations ................................................. 56


10.6.2. Work done ......................................................................................... 56

10.6.3. Findings and Assessment .................................................................. 56


11. OVERALL INCOMPLIANCE RATE EVALUATION ........................................... 57

11.1. EAGF IACS - Evaluation of the total projected incompliance rate ................ 57

11.2. EAGF IACS – Confirmation of the control data/statistics and the

Management declaration ................................................................................. 58

11.3. EAGF Non-IACS - Evaluation of the total projected incompliance rate ........ 58

11.4. EAGF Non-IACS - Confirmation of the control data/statistics and the

Management declaration ................................................................................. 59

11.5. Certifying error rate for reduction of control rate ........................................... 60


8


12.2. Major Findings (by population – IACS and non-IACS) ................................. 62

12.3. Intermediate Findings (by population – IACS and non-IACS) ....................... 62

13. FOLLOW-UP OF PREVIOUS YEARS' RECOMMENDATIONS ......................... 62

13.1.1. Conclusion ......................................................................................... 64


SECTION B – EAFRD ..................................................................................................... 65

14. EXECUTIVE SUMMARY ....................................................................................... 66

14.1. Introduction ..................................................................................................... 66

14.2. Conclusions at fund level per objective ........................................................... 66

14.3. Overall assessment of the internal control system and the compliance

with the accreditation criteria .......................................................................... 68

14.3.1. Standard 68

14.3.2. Detailed Assessment .......................................................................... 68

14.3.3. Overall assessment of the Internal Control System ........................... 70

15. AUDIT STRATEGY OF THE CERTIFICATION BODY ...................................... 72

15.1. Audits risks and Control Risks assessment per population/measure ............... 72

15.2. Summary of Audit Strategy and Audit Plan for EAFRD ................................ 72

15.3. Resources ......................................................................................................... 74

EAFRD - PART A –AUDIT OBJECTIVE 1- AUDIT OF THE ANNUAL

ACCOUNTS ............................................................................................................. 75

16. COMPLIANCE WITH ACCREDITATION CRITERIA – REVIEW OF THE

INTERNAL CONTROL SYSTEM .......................................................................... 75

16.1. Understanding the entity/processes ................................................................. 75

16.2. Compliance testing / test of controls - Control Activities ............................... 75

16.3. Evaluation per accreditation criterion ............................................................. 76

16.3.1. Control activities: Procedures for payment ....................................... 76

16.3.2. Control activities: Procedures for accounting ................................... 76

16.3.3. Control activities: Procedures for advances and securities ............... 77

16.3.4. Control activities: Procedures for debts ............................................ 77

16.4. Other accreditation components ...................................................................... 77

16.4.1. Internal environment: Organisational structure ................................. 77

16.4.2. Internal environment: Human-resource standard .............................. 78

16.4.3. Internal environment: Delegation ...................................................... 78

16.4.4. Information and communication: Communication ........................... 79

16.4.5. Information and communication: Information Systems Security ..... 79

16.4.6. Monitoring: Ongoing monitoring via internal control activities ....... 82

16.4.7. Monitoring: Separate evaluations via an internal audit service ......... 82

16.4.8. Accreditation Status ........................................................................... 83

17. SUBSTANTIVE TESTING OF OPERATIONAL AND NON-

OPERATIONAL TRANSACTIONS ........................................................................ 84

9

17.1. Introduction ..................................................................................................... 84

17.2. Test results in respect of the EAGF – error rate .............................................. 84

17.2.1. Overview 84

17.2.2. Work Done ........................................................................................ 84



17.3. Overall test result of EAFRD population ........................................................ 85

17.4. Test results of non-operational transactions. ................................................... 85

17.4.1. Test results of tables of Annex II - irregularities ............................... 85

17.4.2. Test results on Tables of Annex III ................................................... 86

17.4.3. Test results in respect of advances and securities ............................. 86

18. RECONCILIATION OF QUARTERLY AND ANNUAL DECLARATIONS ....... 87

18.1. Reconciliation of quarterly and annual declarations of EAFRD

expenditure ...................................................................................................... 87

18.1.1. Standard 87

18.1.2. Work done ......................................................................................... 87

18.1.3. Findings 87

18.1.4. Assessment ........................................................................................ 88


18.2. Reconciliation of annual declaration and X-table data of EAFRD

accounts ........................................................................................................... 88

18.2.1. Standard 88

18.2.2. Work done ......................................................................................... 89

18.2.3. Findings 89

18.2.4. Assessment ........................................................................................ 89


18.3. Reconciliation of the information required by Annex II and Annex III of

Commission Implementing Regulation (EU) No 908/2014to the debtors'

ledger - EAFRD ............................................................................................... 89

18.3.1. Standard 89

18.3.2. Work done ......................................................................................... 89

18.3.3. Findings 89

18.3.4. Assessment ........................................................................................ 92


18.4. Reconciliation of the recoveries as per the annual declaration of EAFRD

to the Annex II and Annex III ......................................................................... 92

18.4.1. Standard 92

18.4.2. Work done ......................................................................................... 93

18.4.3. Findings 93

18.4.4. Assessment ........................................................................................ 93


18.5. Confirmation of advances ................................................................................ 94


10

18.5.2. Work done ......................................................................................... 94

18.5.3. Findings 94

18.5.4. Assessment ........................................................................................ 94


18.6. Confirmation of advances related to financial instruments ............................. 94


18.6.2. Work done ......................................................................................... 94

18.6.3. Findings 94

18.6.4. Assessment ........................................................................................ 95


19. OVERALL ERROR EVALUATION ....................................................................... 95

19.1. Detailed Error Evaluation ................................................................................ 95

19.1.1. Error evaluation for the operational expenditure ............................... 95

19.1.2. Error evaluation for non-operational expenditure: debts,

advances and securities ...................................................................... 96



20.2. Major Findings ................................................................................................ 98

20.3. Intermediate Findings ...................................................................................... 98

EAFRD – PART B – AUDIT OBJECTIVE 2- LEGALITY AND REGULARITY

OF EXPENDITURE ................................................................................................. 99

21. REVIEW OF THE INTERNAL CONTROL SYSTEM ........................................... 99

21.1. Understanding the entity / processes ............................................................. 100

21.2. EAFRD IACS - Compliance testing / Test of controls - Control Activities . 100

21.2.1. Control activities: Authorisation of payments – Key controls ........ 101


controls 101

21.3. EAFRD Non-IACS - Compliance testing / Test of controls - Control

Activities ........................................................................................................ 101

21.3.1. Control activities: Authorisation of payments – Key Controls ....... 101


Controls 101

22. SUBSTANTIVE TESTING .................................................................................... 102

22.1. Test results in respect of the EAFRD IACS population ................................ 102

22.1.1. Overview 102

22.1.2. Work done ....................................................................................... 102

22.1.3. Assessment and Findings ................................................................ 102

22.1.4. Recommendations ........................................................................... 103

22.2. Test results in respect of the EAFRD Non-IACS population ........................ 103

22.2.1. Overview 103

22.2.2. Work done ....................................................................................... 103

22.2.3. Assessment and Findings ................................................................ 104

11


23. RECONCILIATION ............................................................................................... 105

23.1. Review of RD control statistics to be provided on 15 July "N" as referred

to in Article 9(1) of Regulation (EU) No 809/2014 ...................................... 105


23.1.2. Work to be done .............................................................................. 105

23.1.3. Findings 105

23.1.4. Conclusion ....................................................................................... 105


23.2. Action Plans / DG AGRI's recommendations ............................................... 106


23.2.2. Work Done ...................................................................................... 106

23.2.3. Findings and Assessment ................................................................ 106


23.3. Review of the management declaration data ................................................. 106


23.3.2. Work to be done .............................................................................. 107

23.3.3. Findings 107

23.3.4. Conclusion ....................................................................................... 107


24. OVERALL INCOMPLIANCE RATE EVALUATION ......................................... 107

24.1. EAFRD IACS - Evaluation of the total projected incompliance rate ........... 107

24.2. EAFRD IACS - Confirmation of the control data/statistics and the

Management declaration ............................................................................... 109

24.3. EAFRD Non-IACS - Evaluation of the total projected incompliance rate ... 109

24.4. EAFRD Non-IACS - Confirmation of the control data/statistics and the

Management declaration ............................................................................... 110

24.5. Certifying error rate for reduction of control rate ......................................... 111

25. OVERALL CONCLUSIONS ................................................................................. 112

25.1. Nature of Findings ......................................................................................... 112

25.2. Major Findings (by population – IACS and non-IACS) ............................... 113

25.3. Intermediate Findings (by population – IACS and non-IACS) ..................... 113

26. FOLLOW-UP OF PREVIOUS YEARS' RECOMMENDATIONS ....................... 113

26.1.1. Conclusion ....................................................................................... 115


SECTION C –AUDIT OPINION .................................................................................... 117

GUIDANCE FOR PREPARING THE OPINION .......................................................... 120

THE PART OF THE OPINION, WHICH CONCERNS THE ANNUAL

ACCOUNTS, INCLUDING THE LAGALITY AND REGUALITY OF

EXPENDITURE ............................................................................................ 120

THE PART OF THE OPINION THAT CONCERNS THE MANAGEMENT

DECLARATION ........................................................................................... 122

12

1. THE CERTIFICATION BODY'S ASSESSMENT OF THE MANAGEMENT

DECLARATION ..................................................................................................... 122

2. THE CERTIFICATION BODY'S OPINION ON THE MANAGEMENT

DECLARATION ..................................................................................................... 124

Examples of audit opinions to be issued by the Certification Body .............. 125

SECTION D – ANNEXES .............................................................................................. 137

13

SECTION A - EAGF

14

1. EXECUTIVE SUMMARY

1.1. Introduction

Following our appointment as auditors by the [name of national body, as appropriate], on the [date

of appointment] [if applicable:], for a duration of [number of years/financial exercises] we have

performed an audit of the [name of Paying Agency] pursuant to Article 9 (2) of Regulation (EU) No

1306/2013 of the European Parliament and of the Council in relation to its role as Paying Agency.

This audit related to the Paying Agency’s operation of the European Agricultural Guarantee Fund

(EAGF) for the financial year ended 15 October 20YY. The audit was undertaken in accordance

with internationally accepted auditing standards and entailed consideration of the matters, set out in

Article 5 (4) of Commission Implementing Regulation (EU) No 908/2014.

We are also required to provide an opinion as to whether the annual accounts for the EAGF year

ended 15 October 20YY are a true, complete and accurate record of the amounts charged to the

Fund, whether the internal control procedures have operated satisfactorily and whether the

expenditure declared to the Fund is legal and regular. This opinion is contained in the Audit Opinion

presented as part C of this report. We are further required to indicate whether our examination puts

in doubt any assertions made in the management declaration. A separate section of the opinion deals

with the Management Declaration.

Our work was performed in accordance with the requirements of Article 9 of Regulation (EU) No.

1306/2013 and Articles 5 to 7 of Commission Implementing Regulation (EU) No 908/2014. The

format of this report is in accordance with the Commission Guidelines.

Our work covered the Paying Agency's compliance with the accreditation criteria, the existence and

functioning of the key internal controls and the procedures for ensuring compliance with EU rules,

the legality and regularity of expenditure claimed for reimbursement from the Commission and the

procedures for the protection of the financial interests of the EU. The findings and recommendations

arising from our work are summarised in this Chapter and detailed under the relevant Chapters.

This report results primarily from the work undertaken by us since our appointment as a

Certification Body to the Paying Agency in relation to the financial year ended 15 October 20YY.

[Where applicable] It also draws upon the work performed by ……. [external audit body] or by the

Internal Audit Unit of the Paying Agency [refer to section…..]. Additionally, we also considered

audit evidence obtained from other providers, both internal and external, the details of which are

outlined in Annex 2 to this report. Annex 1 to this Report contains a Glossary of Abbreviations used.

1.2. Conclusions at fund level per objective

Our audit work and reporting were designed according to the following audit objectives:

Audit objective 1- Audit of the annual accounts ("accounts")

Audit objective 2- Legality and regularity of expenditure ("legality and regularity"),

including the Management declaration

The proper functioning of the internal control system is covered under both audit objectives.

Article 5 (4) of Commission Implementing Regulation (EU) No 908/2014, sets the questions which

the certification body is required to respond to. These questions and our conclusions are set out

below.

15

Requirement per Article 5 of

Regulation 908/2014

Part/Audit

objective

Conclusion

The Paying Agency complies

with the accreditation criteria.

A and B;

Audit

objectives

1 and 2

For our overall opinion in this respect, refer to the

Audit Opinion (see also the internal control system).

In general, the Paying Agency complies with the

accreditation criteria [when applicable:] except…..

[summarise major accreditation issues]

Key recommendations are summarised in

subsection 12 below and are elaborated in more

detail in the relevant sections of this report.

The annual accounts referred

to in Article 29(chapter III) of

Regulation No 908/2014 are in

accordance with the books and

records of the Paying Agency.

Part A;

Audit

objective 1

For details of our opinion in this respect see the Audit

Opinion.

The statements of expenditure,

and of intervention operations

[delete reference to

intervention if not applicable],

are a materially true, complete

and accurate record of the

operations charged to the

EAGF.

Part A;

Audit

objective 1


Opinion.

The financial interests of the

Union are properly protected

as regards advances paid,

guarantees obtained,

intervention stocks [delete

reference to intervention if not

applicable]and amounts to be

collected.

Part A;

Audit

objective 1

The financial interests ….

For advances and guarantees ...

Reporting and reconciliation procedures for

intervention are ...

The recovery of amounts outstanding is ...

The completeness of Annex II/III is ensured and

detailed observations are included in section 5 of the

report.

The Paying Agency's

procedures are such as to give

reasonable assurance that the

expenditure charged to the

EAGF was effected in

compliance with Union rules,

thus ensuring that the

underlying transactions are

legal and regular, and that

recommendations for

improvements, if any, have

been followed-up.

Part A;

Audit

objective 2


Opinion.

16

1.3. Overall assessment of the internal control system and compliance with the

accreditation criteria

1.3.1. Standard

Our assessment is based on our review of the internal control system (ICS) of the Paying Agency,

including its compliance with the accreditation criteria. It is summarised in the matrix below using

the following assessment criteria:

(1) Not working. There is a clear non-respect of one or more accreditation criteria or there are

serious deficiencies. The seriousness of the deficiencies are such that the Paying Agency cannot

fulfil the tasks set out in Article 7 of the Regulation (EU) No 1306/2013. Not all risks are addressed

by controls and/or there are likely to be frequent control failures. ICS functions poorly or does not

function at all. The deficiencies are systemic and wide-ranging. High deviations were found that

were not detected by the PA’s internal control system. As a consequence, no assurance can be

obtained from the system. Scores = [1; 1,5]

(2) Works partially. There are other deficiencies which do not fall under (1), but which would have

to be followed-up according to Article 2 (1) of Commission Implementing Regulation (EU) No

908/2014. All risks are addressed to some extent by controls which may not always operate as

intended. Moderate deviations were found, which affected substantially the effectiveness of controls

AND only part of these moderate deviations was detected by the PA’s ongoing controls and

corrected by the PA itself. Scores = [1,51; 2,5]

(3) Works. Minor issues were detected but there is scope for improvement. All risks are adequately

addressed by controls which are likely to operate effectively with some deficiencies having a

moderate impact on the functioning of the key requirements. Only minor deviations were found,

which did not affect substantially the effectiveness of controls. OR if those moderate deviations

affected substantially the effectiveness of controls the PA’s ongoing controls detected them and the

self-correcting mechanism of the PA operated. Scores = [2,51; 3,5]

(4) Works well. No deficiencies or only minor deficiencies were found. All risks are adequately

addressed by controls which are likely to operate effectively. No exception was found. OR only

minor (formal) deviations were found which did not affect substantially the effectiveness of controls

and did not lead to financial errors. Scores = [3,51; 4,0]

In cases where the procedure / component is not valid, it is indicated as not-applicable (N/A). Our

assessment is partly based on reviews carried out in previous financial years, where we have

confirmed that no major changes in the procedures / components have occurred; in such cases our

assessment is indicated in brackets "( )". As regards our assessment of the Internal Audit service, if

certain areas are still to be audited by Internal Audit, we base our assessment on the adequacy of the

five year audit plan. In such circumstances our assessment is also indicated in brackets "( )".

1.3.2. Detailed Assessment

Matrix I below concerns schemes under EAGF covered by the IACS, i.e. support schemes under

EAGF established under Chapter II of Title V (articles 67 to 78) of Regulation 1306/2013 of the

European Parliament and of the Council. Matrix II below concerns schemes under EAGF not

covered by the IACS, i.e. support schemes under EAGF established under Chapter III of Title V of

Regulation 1306/2013 of the European Parliament and of the Council. The general conclusion

(overall scores at IACS and Non-IACS level) are provided in accordance with Section 5.4 of

Guideline 2 and reflected in our Audit Opinion.

[The matrices should be prepared on the basis of the matrices used for objectives –"accounts" and

2-("legality and regularity"), by merging the matrices developed for each objective].

17

[A separate matrix should be prepared for each population or strata tested because of the audit

work conducted for objective 2 at population level. However, as the audit work for audit objective

1 is conducted at Fund level, the same scores should appear per IACS and Non-IACS. In addition,

if some processes like debt management or execution of payments is conducted in the same way for

the two Fund, the same scores will appear in the matrices in Part A and B. ]

IACS

S

T a t

10 %

o r

15 % S

T a t

5 % S

T a t

5 % S

T a t

5 0 % S

T a t

5 % S

T a t

10 % S

T a t

10 % S

T a t

5 % W T

We ig ht

e d

to ta l

Adminis tra tiv

e co ntro ls 4 0,4 4 0,2 2 0,1 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 2 0 % 3 ,15 0,63

On-the-s po t

co ntro ls 4 0,4 4 0,2 2 0,1 2 1,0 3 0,15 3 0,3 2 0,2 4 0,2 2 0 % 2 ,0 0 0,40

4 0,6 4 0,2 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 15 % 3 ,2 5 0,49

4 0,6 4 0,2 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 15 % 3 ,2 5 0,49

4 0,6 4 0,2 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 10 % 3 ,2 5 0,33

4 0,6 4 0,2 2 1,0 3 0,15 3 0,3 3 0,3 4 0,2 2 0 % 2 ,0 0 0,40

Genera l co nclus io n 2 ,7 3

As s es s ment o f ICS

Cla im

pro ces s ing,

inc luding

va lida tio n and

auto ris a tio n

Executio n o f payments

Acco unting

Advances and s ecurities (*)

Debts management

wo rks (m e dium im pa c t)

D e le g a t io

n

C o m m u

nic a t io nIS S

O n-

g o ing

m o nit o r

ing

Int e rna l

a ud it

We ig ht ing / S c o ring

M a trix I - A s s e s s m e nt o f the IC S fo r the IA C S po pula t io n

A s s e s s m e nt

c o m po ne nt

P ro c e dure Inte rna l e nv iro nm e nt

C o ntro l

a c t iv it ie s

Info rm a tio n a nd

C o m m unic a t io n M o nito ringEv a lua t io n

a t

a s s e s s m e nt

c rite ria

Ge ne ra

l

c o nc lu

s io nO rg a nis a t i

o nHR

Key to the table:

S – Score – should correspond to the assessments in Chapter 4

W – Weight given to each assessment criteria and the Internal Control System –

corresponding to section 5.4 of Guideline No 2

T – Total = Weight * Score

[EITHER:]

The overall assessment of the Internal Control System for the IACS population is [select one: does

not work; it works partially; it works; it works well]

[Or]

On the basis of the internal control matrix above, the conclusion on the internal controls system for

the IACS population would be that [select one: it does not work; it works partially; it works; it

works well]. However, we do not agree with this conclusion. Our assessment used to determine the

sample size for substantive testing is [select one: does not work; it works partially; it works; it

works well] for the following reasons:

[ please elaborate]

18

Non-IACS

S

T a t

10 %

o r

15 % S

T a t

5 % S

T a t

5 % S

T a t

5 0 % S

T a t

5 % S

T a t

10 % S

T a t

10 % S

T a t

5 % W T

We ig ht

e d

to ta l

Adminis tra tiv

e co ntro ls 4 0,4 4 0,2 2 0,1 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 2 0 % 3 ,15 0,63

On-the-s po t

co ntro ls 4 0,4 4 0,2 2 0,1 2 1,0 3 0,15 3 0,3 2 0,2 4 0,2 2 0 % 2 ,0 0 0,40

4 0,6 4 0,2 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 15 % 3 ,2 5 0,49

4 0,6 4 0,2 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 15 % 3 ,2 5 0,49

4 0,6 4 0,2 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 10 % 3 ,2 5 0,33

4 0,6 4 0,2 2 1,0 3 0,15 3 0,3 3 0,3 4 0,2 2 0 % 2 ,0 0 0,40




M a trix I - A s s e s s m e nt o f the IC S fo r the N o n-IA C S po pula t io n

A s s e s s m e nt

c o m po ne nt


C o ntro l

a c t iv it ie s



a t

a s s e s s m e nt

c rite ria

Ge ne ra

l

c o nc lu


o nHR


D e le g a t io

n

C o m m u

nic a t io nIS S

O n-

g o ing

m o nit o r

ing

Int e rna l

a ud it

Claim

pro ces s ing,

inc luding

va lida tio n and

auto ris a tio n


Acco unting


Debts management

[Note: The above matrices are as per Guideline Nº 2 on the annual certification audit. It provides a

precise mathematical calculation of the overall assessment, based on the results of the testing

reported in chapter 4 on compliance with the accreditation criteria. However, the Commission seeks

the auditor's professional judgement. Therefore, if the CB is of the opinion that the resulting general

conclusion presents a misleading assessment of the Internal Control System, the CB should:

1. Disregard the calculated general conclusion;

2. Indicate its professional assessment of the functioning of the Internal Control System;

3. Clearly explain the basis on which the CB made a different assessment. In all cases, the

assessment should be in line with section 5.4 of Guideline NO 2, i.e. 1 = does not work;

2 = works partially; 3 = works; 4 = works well.]

[EITHER:]

The overall assessment of the Internal Control System for the IACS population is [select one: does

not work; it works partially; it works; it works well]

[Or]

On the basis of the internal control matrix above, the conclusion on the internal control system for

the non-IACS population would be that [select one: it does not work; it works partially; it works; it

works well]. However, we do not agree with this conclusion. Our assessment used to determine the

sample size for substantive testing is [select one: does not work; it works partially; it works; it

works well] for the following reasons…please elaborate]

1.3.3. Overall assessment of the Internal Control System

Our overall assessment of the internal control system and compliance with the accreditation criteria

for the EAGF is as follows:

Population / Strata Assessment

EAGF – IACS

EAGF – non-IACS

Strata (please specify)

19

2. AUDIT STRATEGY OF THE CERTIFICATION BODY

[Note: the purpose here is not to repeat what is written in Guideline No 2 on the audit strategy.

The CB should explain the factors it considered in the overall approach and the results of the risk

assessment implemented as part of the audit strategy. Only in case the CB decided to deviate from

the standard approach (described in Guideline 2) or modified its approach e.g. by applying

specific sampling parameters, this should be duly explained.]

2.1. Audit risks and Control Risks assessment per population and/or scheme/measure

[provide a short summary on the results of the risks assessment for the fund per population/measure

in accordance with the guidance in section 4.1 of Guideline 2 related to the audit risk model. ]

2.2. Summary of Audit Strategy and Audit Plan for EAGF

• Audit scope and objectives;

[provide a short summary]

• Audit assurance and materiality per audit objective;

We based our assessment of the internal control system on the previous year's report. [However, if

this was not the case it would have to be explained what it was based on.]


• Systems and controls per audit objective;

- Audit objective 1:




• Risk assessment per audit objective;

[provide a short summary on the control risk assessment (the assessment of Inherent risk

and control risk) at least per population in line with the table on p. 16 of Guideline 2. This

should be linked to the assessment of the ICS and the system assurance. ]





• The audit approach per audit objective;

[provide a short summary which should include the sampling approach per

population/strata; dual-purpose testing, etc.]

[If the CB chose to apply the "Methodology document for the Certification bodies in respect

of the audit work related to IACS cross-checks and data integrity to be performed in the

20

context of the annual certification audit EAGF/EAFRD expenditure", it should be described

here]





• Re-verification of on-the-spot controls;

[Describe the method used for the re-verification of on-the-spot controls (e.g.

accompaniment of the PA's inspector, re-performance by the CB's own auditor, delegated;

classical or control with remote sensing, whether there were rapid field visits. Describe

whether the representativeness of the PA's random OTSC sample was tested and confirmed).

For the time-constrained measures, the timing of the re-verification needs to be mentioned

as well. In particular, the CB should explain which procedures allowed the re-verification to

be done as soon as possible after the PA's OTSC, and any specific consideration regarding

the timing]

[Particularly for the non-IACS measures, elaborate on the key elements of the re-

verifications for the measures selected and how the sub-sampling elements on the payments

were selected for on-the-spot re-verifications (e.g.: based on invoices, nature of cost

declared, etc).]

• The nature and extent of the CB's reliance on the work of Internal Audit, third party

subcontracted auditors, specialists and experts, third party certificates from bodies

accredited for the chosen international standard, etc.1;

[The CB may rely on the work of other auditors or technical experts

It should conduct sufficient work to get assurance on the appropriateness and quality of this

work. See International Standard on Auditing ISA 600 " Using the work of another

auditor", International Standard on Auditing (ISA) 610, “Considering the Work of Internal

Audit” and ISA 620 "Using the work of an expert".

Provide a description of the work done by third parties and how the CB gained assurance of

the quality of that audit work/which monitoring mechanisms were there in place. In case of

changes of CB, explain to which extend the (new) CB relies on the work of the previous one,

e.g. re-verifications already performed, sampling parameters already established]

In case only a part of the reverification is done by another party, this section should be

filled.

• Any assumptions and estimations made during the course of the review;


1 The Certification Body may rely on the work of other auditors, such as original audit work done by the

Paying Agency’s Internal Audit function or by third party subcontracted auditors, specialists and experts, third

party certificates from bodies accredited for the chosen international standard, etc. However, the Certification

Body should conduct sufficient work itself to give assurance on the appropriateness and quality of this work.

See International Standard on Auditing ISA 600 " Using the work of another auditor", International Standard

on Auditing (ISA) 610, “Considering the Work of Internal Audit” and ISA 620 "Using the work of an expert".

21

• Plan of audit activities;


[Other information if applicable]

[Describe any other relevant information concerning the governance of the Paying Agency

which was in one way of the other taken into consideration when designing the audit

strategy.]

2.3. Resources

The audit team of the Certification Body in respect of the EAGF which performed the work

comprised N professional staff. The resources dedicated to the project varied during the year as

required. The qualifications of the personnel involved are summarised as follows:

Chartered Accountants Others TOTAL

Person days Person days Person days

N° N° N°

[In the case the Certification Body externalised the re-verifications] For the re-reverifications, the

team which performed the work comprised N professional staff. The resources dedicated and the

qualifications of the personnel involved are summarised as follows:

Qualification Person days

N°

Total N°

22

EAGF - PART A - Audit objective 1- Audit of the annual accounts

3. COMPLIANCE WITH ACCREDITATION CRITERIA – REVIEW OF THE INTERNAL

CONTROL SYSTEM

This section outlines the current status of the accreditation and provides the basis for the overall

assessment of the internal control system and for our assessment in respect of the Paying Agency's

compliance with the accreditation criteria per internal control procedure / component as indicated in

the Accreditation Matrix used for audit objective 1. We have assessed the compliance with the

accreditation criteria by using the grading "1" to "4". Our overall assessment is outlined below :

W S T W S T W S T W S T W S T W S T W S T W S T W T

c o n

c lus

io n

10% 0 5% 0 5% 0 50% 0 5% 0 10% 0 10% 0 5% 0 2 5% 0

10% 0 5% 0 5% 0 50% 0 5% 0 10% 0 10% 0 5% 0 2 5% 0

10% 0 5% 0 5% 0 50% 0 5% 0 10% 0 10% 0 5% 0 17% 0

10% 0 5% 0 5% 0 50% 0 5% 0 10% 0 10% 0 5% 0 3 3 % 0

M A TR IX - A s s e s s me nt o f t he IC S ( aud it o b je c t ive 1) f o r EA GF

A s s e s s me nt

c o mp o ne nt

P ro c e d ure

Int e rna l e nv iro nme nt

C o nt ro l

ac t iv it ie s

Inf o rmat io n and

c o mmunic a t io n M o nit o ringEva luat io n a t

a s s e s s me nt

c rit e ria

Ge ne r

a l

c o nc l

us io n

O rg anis a t io

na l

s t ruc t ure

Human

re s o urc e s

Communicatio

n I.S . Sec.

Ongo ing

monitoring Internal A ud it

Weighting /

Sco ring

Execution o f

payments

Accounting

Advances and

securit ies

Deb ts

management

D e le g a t e d

t a s ks

3.1. Understanding the entity/processes

[in line with Guideline 2 part 4.2, describe the audit activities performed, the

processes reviewed and insert the main conclusions regarding the control

environment, particular risks and any development having occurred during the FY]

3.2. Compliance testing / test of controls - Control Activities

We confirmed our assessment of the accreditation procedures against the control activities by

carrying out the following compliance testing/test of controls as suggested in Guideline N° 2:

[please indicate the number of transactions tested]

Procedure IACS Non - IACS Findings (if any)

Payment procedures Chapter X.X.X

Accounting procedures Chapter X.X.X

Advances/securities Chapter X.X.X

Procedures for debts Chapter X.X.X

[The minimum sample size should be established in line with Section 5.3 of Guideline No 2.

The allocation of the sample for the compliance tests defined as the minimum sample size at

23

Fund level among the different populations/strata, is to be determined by the CB based on its

professional judgement.]

3.3. Evaluation per accreditation criterion

Annex I of Commission Delegated Regulation (EU) No 907/2014 sets out the accreditation criteria.

[Procedures are to be reviewed in accordance with Guidelines Numbers 1 and 2. Based on the

review of the control environment and the accomplished compliance testing, provide the assessment

and findings for each control procedure. Scores (using the scoring system for accreditation criteria)

are to be provided separately for IACS and Non-IACS. Financial errors (with financial impact on

the accounts) are also to be reported and considered in the overall error evaluation, section 1.6.1.

This should include an assessment of whether the deficiency is an isolated instance or represents a

generic issue.

3.3.1. Control activities: Procedures for payment

3.3.1.1. Findings

[Provide an analysis per major/intermediate finding and the corresponding

recommendation. Provide also a brief summary of the nature of deficiencies attributed a

grading of 3, formal errors, confirm that these have no financial impact, and that these do

not represent a generic/system issue Describe the financial errors that were detected]

1) ……….

2) ………

3.3.1.2. Assessment

In our opinion, the scoring for this criterion is [1 – 4].

3.3.2. Control activities: Procedures for accounting

3.3.2.1. Findings




not represent a generic/system issue. Describe the financial errors that were detected]

1) ……….

2) ………

3.3.2.2. Assessment


3.3.3. Control activities: Procedures for advances and securities

3.3.3.1. Findings





1) ……….

2) ………

3.3.3.2. Assessment


24

3.3.4. Control activities: Procedures for debts

3.3.4.1. Findings





1) ……….

2) ………

3.3.4.2. Assessment


3.4. Other accreditation components

We confirmed our assessment of the other accreditation components against the standard (Annex I

of Commission Delegated Regulation (EU) No 907/2014) by carrying out reviews/tests to ensure the

Paying Agency's compliance with the criteria. [Procedures to be reviewed in accordance with

Guideline No 1 and No 2. Based on the review provide here an assessment per accreditation

component. Scores (using the scoring system for accreditation criteria) are to be provided. There

should be a clear distinction between IACS and non-IACS (if relevant). All findings and

recommendations related to grading of 1-3 should be reported. Financial errors (with financial

impact on the accounts) are also to be reported and to be considered in the overall error evaluation.

It should be assessed whether the deficiency is an isolated instance or represents a generic issue.]

3.4.1. Internal environment: Organisational structure

3.4.1.1. Description of the organisational structure

The Headquarters of the Paying Agency are located at … [address]. The Headquarters employ XXX

persons corresponding to the full-time equivalent of YYY staff. [if only part of the staff works on PA

matters:] Out of the staff of the institution, ZZZ persons work on tasks related to paying agency

functions.

The Paying Agency also has WWW regional/local offices. The total number of people employed at

these offices is VVV persons corresponding to the full time equivalent of PPP staff.

3.4.1.2. Findings





1) ……….

2) ………

3.4.1.3. Assessment


3.4.2. Internal environment: Human-resource standard

3.4.2.1. Findings



25

grading of 3, formal errors confirm that these have no financial impact, and that these do


1) ……….

2) ………

3.4.2.2. Assessment


3.4.3. Internal environment: Delegation

3.4.3.1. Summary of delegated tasks

The Paying Agency has delegated tasks to other institutions (referred to as delegated bodies")

as per the table below:

Name of the Institution Type of tasks delegated Date of the delegation

agreement

National Forestry Agency

(EU Coordination Unit)

EAGF Non-IACS on-the-

spot controls

Signed: 22.01.2011, updated:

25.02.2014

…

We confirm that the rules and guidelines regarding the delegation of tasks are described in detail in

the delegation agreements listed above [when applicable:] as well as in the … [applicable legal text:

law/regulation/ministerial decree, number and date]. In addition, the Paying Agency issued a set of

instructions for each specific scheme, which covers the quality aspects and the reporting on the

delegated tasks.

3.4.3.2. Findings





1) ……….

2) ………

3.4.3.3. Assessment


3.4.4. Information and communication: Communication

3.4.4.1. Findings





1) ……….

2) ………

3.4.4.2. Assessment


26

3.4.5. Information and communication: Information Systems Security

3.4.5.1. Work Done (by population – IACS and non-IACS)

We reviewed the compliance of the "Information Systems Security" with the requirements of the

standard as stated above. Our services have carried out sufficient work to provide assurance on the

appropriateness and quality of any work performed by other auditors, specialists and experts2 in the

following areas: xx;xx;xx [if applicable].

The table below indicates the overall situation:

Yes / Not Applicable No / Not Applicable

The yearly expenditure of

the paying agency is more

than €400 million:

[if no, please provide here the

standard used by the PA (e.g.

ISO 27002:2013 / BSI /

COBIT)**]

The paying agency has

obtained ISO 27001:2013

certificate/ISO 27001-

Zertifikat auf der Basis von

IT-Grundschutz:

[please provide the date

of issue and the date of

validity]

[if no, and the expenditure is

more than €400 million,

please provide further

explanations below]

The certificate* covers all

key tasks of the paying

agency:

[if no, please provide further

explanations below]***

The certificate* covers

also delegated tasks:



* For German paying agencies, the certificate is covering the interfaces to IT service

providers which are responsible for the provision of outsourced IT application environments

(where these are not provided in-house) and to other bodies which carry out delegated and

outsourced paying agency tasks according to the 'Model of the information domain for EU

paying agencies' (Modell Informationsverbund für EU-Zahlstellen).

** Please note that the standard in case of ISO is 27002:2013 for financial year 2016

(Annex I, 3 B of Regulation (EU) No 907/2014).

[In case the paying agency has obtained a valid ISO 27001:2013 certificate (for German

paying agencies ISO 27001 certificate based on IT Grundschutz), and the scope of the

certificate covers all key tasks of the paying agency, then the CB can rely on the certificate

2 See International Standard on Auditing (ISA) 610, “Considering the Work of Internal Audit” and ISA 620

"Using the work of an expert".

27

and no additional assurance work is required. The CB should provide the certificate as an

annex to its report or a corresponding reference. However, in case the scope of the

certificate is not covering all key and delegated tasks of the paying agency, then the CB

should conduct sufficient work in the areas not covered by the certificate and report on them

accordingly; or refer to 3rd party audit report. Nevertheless, in case the certificate was

issued at the very end of the financial year 2016 or later (and therefore it was not valid for

the full period of the financial year), the CB may consider to carry out some additional

audit work based on its risk assessment.]

*** Assessed in accordance with the Statement of Applicability; and considering that

delegated bodies must assure the same level of information security that is required for a

paying agency.

[Delete if not appropriate:] The 3rd party certificate can be found [in annex/at the following

address: https://.....].

[Delete if not appropriate:] As [a] Delegated Bodies[y] are[is] not covered in the ISO/BSI 27001

certificate or the Paying Agency is not ISO/BSI 27001 certified, the table(s) below describes the

situation:

Name of the Delegated Body(ies): ________________________________________

Control (Yes/No/NA) If not, please justify and/or provide possible

comments below.

The Service Level Agreement

between the Paying Agency and the

delegated body or Agreement or

Memorandum of Understanding

includes provisions on information

systems security for the delegated

body.

The Paying Agency is monitoring

that the security provisions in the

agreements are complied with (e.g.

by reviewing regular reporting from

the Delegated Body).

The Internal Audit Service is

carrying out audits in the delegated

body(ies) covering also IT security

issues.

Other units in the Paying Agency or

service provider(s) are carrying out

audits in delegated bodies covering

also IT security issues.

The Certification Body is carrying

out audits in the delegated body(ies)

covering also IT security issues.

28

[Provide more tables if needed in case of several Delegated Bodies with a different

status/situation]

3.4.5.2. Assessment and Findings (by population – IACS and non-

IACS)

[If certified, the CB should refer to that.]

[In case the PA has not been certified / or relating to areas and/or delegated tasks not

covered by the certificate / or based on the CB's risk assessment: Provide here explanations

of all significant findings for each domain of the chosen international standard. If there are

no findings for a particular domain then state that "Our review has identified no findings in

this domain".]

[For example: If the paying agency has chosen ISO 27002 as the basis of its information

security, the certification body should review and report on each of the following domains:

- Information security policies

- Organization of information security

- Human resource security

- Asset management

- Access control

- Cryptography

- Physical and environmental security

- Operations security

- Communications security

- System acquisition, development and maintenance

- Supplier relationship

- Information security incident management

- Information security aspects of business continuity management

- Compliance]

3.4.5.3. Recommendations (by population – IACA and non-IACS)

[List here the major/intermediate recommendations only in case not already reported in

chapter 1.7.]

In our opinion, the scoring for this component is [1 – 4].

3.4.6. Monitoring: Ongoing monitoring via internal control activities

3.4.6.1. Findings



grading of 3, formal errors, and confirm that these have no financial impact, and that

these do not represent a generic/system issue. Describe the financial errors that were

detected]

1) ……….

2) ………

3.4.6.2. Assessment


29

3.4.7. Monitoring: Separate evaluations via an internal audit service

3.4.7.1. Findings



grading of 3, formal errors, and confirm that these have no financial impact, and that


detected]

1) ……….

2) ………

3.4.7.2. Assessment


3.4.8. Accreditation Status

[only use this part if there are/were changes affecting the accreditation status of the PA.

Please describe the changes. ]

30

4. SUBSTANTIVE TESTING OF OPERATIONAL AND NON-OPERATIONAL TRANSACTIONS

4.1. Introduction

In this section we provide an assessment of the substantive testing results. We have attached a list of

all items selected for substantive testing, in the format proposed by the Annexes to Guideline No 3

on the Reporting Requirements.

[Include the financial errors– from section 4.2 to 4.4 in the overall error evaluation section

6.]

4.2. Test results in respect of the EAGF – error rate

4.2.1. Overview

Our sample selection of (xxx) items was based on …

[insert the sampling methodology and parameters used]

4.2.2. Work Done

We reviewed in total (xxx) and an additional xx transactions in respect of EAGF following the

requirements of Guideline 2 – Audit Strategy. [explain if the testing was done at Fund level or at

population level and whether dual-purpose testing was used].

The list of all cases appears in Annex 3: Sample reviewed in substantive testing – EAGF.

4.2.3. Assessment and Findings

[Provide an explanation of the nature of the financial errors found (random, known), listed

in Annex 3, and possible root causes. Where formal errors are found, a clear conclusion has

to be drawn that the formal errors indicated in the Annex 3 do not have a financial impact,

and that these are of an incidental nature. Indicate also the significance of the findings

(major/intermediate/minor) including a reference to the frequency with which they occurred

As mentioned in part 8.1 of Guideline 2, a clearly trivial threshold of EUR 150 and 2 % of

the audited amount is to be taken into account.]

Item nr XXXX Budget line XXXX

Scheme/Measure: XXXX

Beneficiary reg.

code:

XXXX

Specific Legal

basis:

XXXX

31

Description of the finding(s):

XXXXX

Impact:

XXX

4.2.4. Recommendations

[Only major and intermediate recommendations should be provided]

4.3. Overall test result of EAGF population

[Provide an assessment on the test result for the EAGF population.]

4.4. Test results of non-operational transactions.

For each of the audited populations, an assessment of the results of our testing is provided. The error

evaluation is included in section 6. The findings are further detailed below.

4.4.1. Test results of tables of Annex II - irregularities

4.4.1.1. Work Done

Annex 9 contains a detailed list of all transactions tested and the detected errors, including their

financial value. [Link it to Annex 8 – Evaluation of Errors – Debtors - EAGF]

4.4.1.2. Assessment and Findings

[Provide an explanation of the nature of the financial errors found, listed in Annex 9, and

possible root causes. Where formal errors are found, a clear justification has to be provided to

explain why the formal errors found do not have a financial impact, and are of an incidental

nature. Indicate also the significance of the findings (major/intermediate/minor) including a

reference to the frequency with which they occurred.]

4.4.1.3. Recommendations

[Only major and intermediate recommendations need to be listed]

32

4.4.2. Test results on Tables of Annex III

4.4.2.1. Work Done


financial value. [Link it to Annex 8 – Evaluation of Errors – Debtors - EAGF]


[Provide an explanation of the errors found, listed in Annex 10, and possible root causes.

Indicate also the significance of the findings (major/intermediate/minor) including a




4.4.3. Test results in respect of advances and securities

4.4.3.1. Work Done

Annex 11 contains a detailed list of all transactions tested and the detected errors, including

their financial value.


[Provide here explanations for each financial error and for each significant finding. Where

formal errors are found, a clear conclusion would have to be drawn that the formal errors

indicated in the Annex 11 do not have a financial impact. Indicate also the significance of

all findings (major/intermediate and minor) including a reference to the frequency with

which they occurred.]:



33

5. RECONCILIATION OF MONTHLY AND ANNUAL DECLARATIONS

5.1. Reconciliation of monthly and annual declarations of EAGF expenditure

5.1.1. Standard

To verify whether the final monthly indent (final table 104) agrees with the annual declaration for

the 20XX EAGF financial year.

5.1.2. Work done

We have verified the differences and explanations in the electronic "diff." table

(document/XXXX/XXXX, explanation-reconciliation codes "A") provided by the Paying Agency.

In addition, we assessed the Administrative Errors declared in the Monthly Declarations and those

declared separately in the Annual Declaration. We also verified that the amount of administrative

errors are not included in the Annex II and Annex III tables, and we also reviewed whether these

have been credited to the Fund3.

5.1.3. Findings

5.1.3.1. Reconciliation of differences

Budget post Final Monthly

Indent

Annual Account Difference

05 03 01 10 BPS 61,826,826.57 61,849,976.50 23,149.93

05 03 02 xx Area aid for

Rice

9,201,802.82 9,201,802.82 -

05 03. 02 xx xxxxx 285,497.45 285,497.45 -

Etc. 4,254.23 4,254.23 -

95,993.29 95,993.29 -

35,761.77 35,761.77 -

53,963,193.13 54,481,259.13 518,066.00

63,680,629.59 55,222,125.74 -8,458,503.85

62,946,699.25 62,946,699.25 -

--------------------

--

-------------------- ------------------

-

Total 252,040,658.10 244,123,370.18 -7,917,287.92

============ ============ ==========

=

The differences are explained as follows:

3 Introduced as a negative amount in the Monthly or Annual Declarations.

34

[In case positive transactions are declared on the 67 budget codes or some other codes, that result

in a reclaim from the Fund in the monthly declarations and in the annual declarations based on a

Court/administrative body's decision, a text should be included justifying the underlying

transactions. An example is provided below. In case there are several transactions reclaiming

previously recovered irregularities on the basis of Court/administrative decisions, the CB is asked

to provide details for the 5 largest transactions, and a general outline of the nature of the

remaining cases. DG AGRI may request additional information on an ad-hoc basis to verify the

remaining transactions.

In case there are other transactions that result in a positive difference between the final

monthly indent and the annual declaration not covered by the code explanations, the CB is

welcome to explain the substance of the underlying transaction. ]

The difference of XXXX on budget line XXXXXXXXXXXXXXX includes a reclaim from the

Fund of a previously recovered irregularity in FY20XX. The transaction is based on a court decision

(administrative decision) No XXX from dd/mm/yyyy stating that …….

We have reviewed the court/administrative decisions for the underlying transactions and we confirm

that the reclaim of the previously recovered irregularity is justified.

5.1.3.2. Administrative Errors

We can confirm that the Administrative Errors have been refunded. The total amount included in the

declarations amounts to:

Administrative Errors

(reported/deducted)

Amount (EUR)

1. Annual Declaration4

2. Monthly Declarations

5.1.4. Assessment

We can confirm that, except for the remarks/explanations5 listed above, the provided electronic

"diff." table (document/XXXX/XXXX, explanation-reconciliation codes "A") is complete and

accurate, and the explanations given are valid and justified.


4 Reported in 13th period (as a difference between Final Monthly Indent and Annual Account).

5 If there are differences, their type and origin should be explained (e.g. differences between Final Monthly

Indent and Annual Account or between Final Monthly Indent and X-table data).

35

5.2. Reconciliation of annual declaration and X-table data of EAGF accounts

5.2.1. Standard

To verify whether the annual declaration agrees with the X-table data for the 20XX EAGF financial

year.

5.2.2. Work done

We have reviewed the completeness, accuracy, and relevance of the electronic "diff." table

(document/XXXX/XXXX, explanation-reconciliation codes "C" provided by the Paying Agency.

5.2.3. Findings

Reconciliation of differences

………..

1………

2………

………..

5.2.4. Assessment


"diff." table (document/XXXX/XXXX, explanation-reconciliation codes "C") is complete and

accurate, and the explanations given are relevant and justified.


5.3. Reconciliation of the information required by Annex II and Annex III of Commission

Implementing Regulation (EU) No 908/2014 to the debtors' ledger - EAGF

5.3.1. Standard

To reconcile the closing balances of the previous financial year to the opening balances of

the current financial year in respect of the debtors' ledger and the Annex II and Annex III

tables.

To reconcile the data reported in Annex II and Annex III of Commission Implementing

Regulation (EU) No 908/2014 to the debtors' ledger in respect of the current financial

year.

5.3.2. Work done

5.3.3. Findings

Reconciliation closing balance n-1 / opening balance n

Closing balance Opening balance Difference

6 If there are differences, their type and origin should be explained (e.g. differences between Final Monthly

Indent and Annual Account or between Final Monthly Indent and X-table data).

36

FY n-1 (as at

15/10/n-1)

FY n (as at

16/10/n-1)

Annex II (1)

Annex III (2)

Debtors' ledger (3)

We have reconciled the closing balances of the previous year's debtors' ledger, Annex II and Annex

III tables and the opening balances of the current year debtors' ledger, Annex II and Annex III tables

and we can confirm that there are no discrepancies

[In case discrepancies are identified, please provide the necessary justifications]

Justification of differences:…..

(1)…

(2)…

(3)…

Reconciliation of Annex II and Annex III to the debtors' ledger7

Balanc

e 16

Octobe

r

New cases Recovere

d

amounts

Correct

ed

amount

s

Total non-

cleared

amounts

declared

irrecoverabl

e

Amounts

to be

recovered

by 15

October

Annex II

Annex III

Debtors'

ledger

Differences

Explanation 1 2 3 4 5 6

The explanations of the differences by column are:

1.

2.

3.

4.

7 See also Guideline No. 5 Guideline no 5 on the submission to the Commission of the Annexes II and II of

Commission Implementing Regulation (EU) No 908/2014.

37

5.

6.

The following discrepancies8 between the amounts used for this reconciliation in respect of Annex II

and Annex III (as shown in the above table) and the amounts indicated in the final Annex II and

Annex III tables provided by the Paying Agency were noted:

………..

We furthermore confirm that the closing balances mentioned on the summary tables of, respectively,

Annex II and Annex III (amounts to be recovered as at 15 October n) tally with the sum of:

Opening balances (amounts to be recovered as at 16 October n-1 for respectively Annex II and

Annex III)

+ New cases

+ / - corrected amounts

– Recoveries

– Irrecoverable amounts.

Confirmation of "50/50 tables".

As part of our tests on Annexes II and III, we reviewed the tables established by the PA setting out

the amounts to be borne by the Member States according to the 50%/50% rule as well as the

amounts to be borne in full by the EU budget due to irrecoverability. We confirm the figures

mentioned in the table below:

Paying Agency

50% to be charged to the MS

(article 54(2) of Regulation (EU)

No 1306/2013

100% to be borne by the EU

budget (article 54(3) of Regulation

(EU) No 1306/2013

EAGF

TRDI9

5.3.4. Assessment

We confirm that the amounts mentioned in the "50/50" tables are complete and accurate.


5.4. Reconciliation of annual Table 104 to the Annex II and Annex III of Commission

Implementing Regulation (EU) No 908/2014

5.4.1. Standard

There must be a clear audit trail to support the reconciliation between the annual Table 104 and the

Annex II and Annex III information.

8 The amounts used for the reconciliation regarding Annex II and Annex III should be equal to the amounts

indicated in the final tables provided by the Paying Agency; any differences should be sufficiently explained.

9 [Can otherwise be reported in the EAFRD section].

38

5.4.2. Work done

We have reviewed both the adequacy of the procedures in place, and the outcome of the

reconciliations.

5.4.3. Findings

Reconciliation of recoveries per annual Table 104 and recoveries included in Annex II

and Annex III

Example:

Assigned revenue per annual Table 104 –

Irregularities 80% (net amount)

Budget sub-item 67 02 00 00 0000 001

1.000.000,00

+ Assigned revenue per annual Table 104 –

Irregularities not subject to 20% retention

Budget sub-item 67 02 00 00 0000 002

300 000,00

+ Assigned revenue per annual Table 104 – Cross-

compliance (75%)– net amount

Budget sub-item 67 02 00 00 0000 006

75 000,00

+ Assigned revenue collected under one of the

following budget sub-items 67 02 00 00 0000 55 to

71

- 25 000,00

Total (1) = recoveries as per Table 104 1 350 000,00

Recoveries in Annex II 1.550.000,00

+ Recoveries in Annex III 100.000,00

Total (2) 1.650.000,00

Difference (2) – (1) 300.000,00

Explanations of differences:

1. 20% of retention related to revenue assigned on budget sub-item 67 02 00 00 0000 001:

+250 000

2. 25% of retention related to revenue assigned on budget sub-item 67 02 00 00 0000 006:

+25 000

3. Amounts recovered in T104 as reclaim of any amounts previously charged to the MS

under the 50/50 rule in cases of a final decision by an administrative or legal instrument on

the absence of an irregularity, not reported under "recoveries" in the Annex III tables : + 25

000

4. Other differences: 0,00

Discrepancies10 between the amounts listed in the above table and the amounts indicated in the final

Annex II and Annex III tables provided by the Paying Agency, are explained as follows:………..

10 The amounts used for the reconciliation regarding Annex II and Annex III should be equal to the amounts

indicated in the final tables provided by the Paying Agency; any differences should be sufficiently explained.

39

[The table above is an example using some of the possible budget sub-items under the Chapter 6702

EAGF-irregularities assigned revenue, and therefore does not systematically reflect the evolution of

the detailed nomenclature for each year. All recoveries booked under these sub-items (from 67 02 00

00 0000 0001 to 67 02 00 00 0000 071) shall be considered.

One discrepancy may be caused by the amounts booked under the budget sub-items 67 02 00 00

0000 55 to 71: these should not be classified as recoveries under Annex II or Annex III but as

corrected amounts under Annex II. These amounts shall be disclosed and reconciled with the Annex

II table].

5.4.4. Assessment

We reviewed the Paying Agency's reconciliation process and are satisfied that it was performed

properly.


5.5. Confirmation of advances

5.5.1. Objective

To review the confirmation of the stock of advances still to be cleared at the end of the financial year

as submitted by the Paying Agency within the annual accounts in accordance with Article 29 of

Regulation (EU) 908/2014.

5.5.2. Work done

We have reviewed the table(s) established by the Paying Agency, presenting the amounts of advance

payments not yet cleared as at 15 October N (Annex 5 a).

5.5.3. Findings

No differences have been revealed.

5.5.4. Assessment

We confirm that the amounts mentioned in Annex 5 a) are complete and accurate and correspond to

the cumulative net and not yet cleared outstanding advances (as defined in paragraph 5.3.1 of

Guideline no 1), paid to beneficiaries under EAGF.

[In case of discrepancies between the amounts reported by the PA and the CB's findings,

please indicate the percentage of deviation between what was reported and what should

have been reported and provide the necessary justifications for the difference. In case of the

measures of the wine sector if the un-cleared amounts do not equal to the unused amounts,

the unused amounts needs to be mentioned and certified separately.].


40

5.6. Review of Financial Ceilings

5.6.1. Work to be done

We reviewed whether relevant procedures are in place to ensure that the total payments per budget

line do not exceed the maximum financial ceilings.

[Where measures are subject to quantitative limits, either in terms of total amounts paid, production

or eligible areas, check that procedures are in place to ensure that the total payments [for all the

PAs in one Member State taken together] remain within these quantitative limits. This includes an

examination based on the Ceilings set out in Council Regulations (EC) No. 1307/2013].

5.6.2. Conclusion

The … [name of institution/unit] is responsible for the monitoring of the financial ceilings. For each

scheme, it monitors the payments made and verifies the totals against the approved limits.

[if applicable:]For the financial year 20XX, the financial ceilings were exceeded for the following

budget lines:

… [budget line, ceiling, overrun]

…

The overshooting of the financial ceilings was subject to a reduction by the Commission on …

[date].


[either describe the findings or indicate: Not applicable].

6. OVERALL ERROR EVALUATION

[The total financial impact arising from errors found relating to objective 1-"accounts" is

to be compared to the materiality established at Fund level for drawing the overall

conclusion on the annual accounts in the Audit Opinion. CBs are requested to use the excel

table provided below.]

6.1. Detailed Error Evaluation

6.1.1. Error evaluation for the operational expenditure

[in case the CB carried out its testing for objective 1-"accounts" at population level, please provide

the details per population in the table below. Note that the conclusion on objective 1 should be at

Fund level, so please provide an overall conclusion also at Fund level].

Our error evaluation of the statistical sample populations is outlined below:

41

Basic data EAGF

Amount of gross expenditure

Materiality 0

Estimated error

Sampling interval

Confidence level

Inherent risk

Sample size in terms of hits

Number of files checked

Financial errors found from sampling:

According to Annex 3

- Number of formal errors

- Number of substantive errors

Most likely error (MLE)

Calculation of total error:

Precision

Total Upper Error Limit (including precision) 0

Known errors: according to Annex 3

Known errors: from compliance testing

Known errors: from other sources (debtors,

reconciliations, etc)

Total Error 0

Conclusion:

Most likely error (MLE) 0

Total error 0

Materiality 0

]

A detailed table of all items tested and the detected errors including their financial values is attached

(see Annex 3 Sample reviewed in substantive testing – EAGF) to this report. We also attach (in

Annex 6: Reconciliation of gross amount of tested expenditure to the Annual Declaration) a

summary of the budget lines, reconciled to the gross amount of expenditure declared and tested,

[apportioned for both the IACS and Non-IACS populations if applicable].

[In case of errors] Overall conclusion – It is our opinion that the detected formal errors have no

financial consequences, and that these are not of a recurrent nature. The substantive errors are

mainly the result of [please elaborate.]. These errors are explained in more detail in chapter 4.

6.1.2. Error evaluation for non-operational expenditure: debts, advances and securities

As regards debts our detailed error evaluation is provided in Annex 8. Based on this evaluation the

error rate established at the level of Annex II Table is …………..%.

As regards other cases our detailed evaluation is provided in Annex 8. Based on this evaluation the

deviation rate established at the level of Annex III Table is …………..%.

42

A detailed table of all cases checked and the detected errors including their financial value is

attached (see Annex 9: Sample reviewed in substantive testing – EAGF Annex II Tables and Annex

10: Sample reviewed in substantive testing – EAGF Annex III Tables) to this report.

As regards advances and securities our error evaluation is outlined below:

Basic data Advances and securities

Value of the population 2.000.000,00

Materiality 40.000,00

Number of transactions in the population 200

Sample size 20

Total value of sampled items tested 3.000,00

Financial errors found from sampling : No errors found

Extrapolated total error 0,00

Conclusion

Total error 0,00


A detailed table of all cases tested and the detected errors including their financial value is attached

(see Annex 11: Sample reviewed in substantive testing – EAGF Advances and Securities) to this

report.

[In case of errors] Overall conclusion – In our opinion the detected formal errors have no financial

consequences. These errors are explained in more detail in chapter 5.

7. OVERALL CONCLUSIONS

7.1. Nature of Findings

Our work resulted in a number of findings which led to various recommendations. For each finding,

a level of importance was attributed in accordance with the following grading:

Accreditation issues:

- Major Findings Matters which require immediate attention by the Competent

Authority and the Head of the Paying Agency, corresponding

to grade (1) in the accreditation matrix (refer to Guideline No

1 on accreditation).

- Intermediate Findings Matters which concern the general control environment and

require prompt attention at a senior level within the Paying

Agency and the Competent Authority, corresponding to grade

(2) in the accreditation matrix.

- Minor Findings Minor issues highlighted, which require attention at an

appropriate level within the Paying Agency, corresponding to

grade (3) in the accreditation matrix.

Annual account issues:

43


Authority and the Head of the Paying Agency.



Agency and the Competent Authority.


appropriate level within the Paying Agency.

Internal Control System issues:








Recommendations related to minor findings are (in principle) not included in this reports but are

communicated separately to the Paying Agency's management in our letter of recommendations. A

list of minor recommendations is available to the Commission on request.

7.2. Major Findings

[When applicable:] We identified a number of issues giving rise to major recommendations which

are summarised in the table(s) below.

[Note that a major accreditation finding should be linked to a grade 1 ("not working") score

in the matrix tables. Exceptions to this rule may only be granted in very particular

circumstances and need to be duly justified and explained.]

The following major findings were established in respect of accreditation/internal control system

issues:

Finding Section Recommendation Response of Paying

Agency

CB assessment

of PA response

The following major findings were established in respect of accounting issues:


Agency

CB assessment

of PA response

7.3. Intermediate Findings

[When applicable:] We have identified a number of issues giving rise to intermediate

recommendations which are summarised in the table(s) below.

The following intermediate findings were established in respect of accreditation/internal control

system issues:

44


Agency

CB assessment

of PA response

The following intermediate findings were established in respect of accounting issues:


Agency

CB assessment

of PA response

EAGF - PART B - Audit objective 2- Legality and regularity of expenditure

8. REVIEW OF THE INTERNAL CONTROL SYSTEM


assessment of the internal control system and for our assessment in respect of the Paying Agency's

compliance with the accreditation criteria per internal control procedure / component as indicated in

Matrices [I and II]. We have assessed the compliance with the accreditation criteria by using the

grading "1" to "4". Our overall assessment is outlined below:


c o

nc

lu

Adminis

trat ive

contro ls

# # 1 5% 1 5% 1 50% 1 5% 1 # # 1 # # 1 5% 1 50 % 0 0

On-the-

spo t

contro ls

# # 1 5% 1 5% 1 50% 1 5% 1 # # 1 # # 1 5% 1 50 % 0 0

Internal

A ud it

Weighting /

Sco ring

M A TR IX - A s s e s s me nt o f t he IC S f o r p o p ula t io n/ s t ra t a ( EA GF IA C S )

A s s e s s me nt

c o mp o ne nt

P ro c e d ure

Int e rna l e nv iro nme ntC o nt ro l

ac t iv it ie s

Inf o rmat io n and

c o mmunic a t io n M o nit o ring

Eva luat io n

a t

a s s e s s me nt

c rit e ria

Ge ne r

a l

c o nc l

us io nO rg anis a

t io na l

Human

re s o urc e

Validati

on and

auto risa

t ion

D e le g a t e

d t a s ks

Communica

tion I.S . Sec.

Ongo ing

monitoring


c o

nc

lu

Adminis

trat ive

contro ls

# # 1 5% 1 5% 1 50% 1 5% 1 # # 1 # # 1 5% 1 50 % 0 0

On-the-

spo t

contro ls

# # 1 5% 1 5% 1 50% 1 5% 1 # # 1 # # 1 5% 1 50 % 0 0

Internal

A ud it

Weighting /

Sco ring

M A TR IX - A s s e s s me nt o f t he IC S f o r p o p ula t io n/ s t ra t a ( EA GF N o n IA C S )

A s s e s s me nt

c o mp o ne nt

P ro c e d ure


ac t iv it ie s

Inf o rmat io n and


Eva luat io n

a t

a s s e s s me nt

c rit e ria

Ge ne r

a l

c o nc l

us io nO rg anis a

t io na l

Human

re s o urc e

Validati

on and

auto risa

t ion

D e le g a t e

d t a s ks

Communica

tion I.S . Sec.

Ongo ing

monitoring

45

8.1. Understanding the entity / processes

[in line with Guideline 2 part 10 referring to part 4.2, insert the main conclusions regarding

processes checked, the control environment, particular risks and any development having

occurred during the FY]

[any work and assessment according to part 11.2.1 review of IT general controls and 11.2.2

Review of IT application controls of Guideline 2 should be inserted in this part]

[If used, please refer to the "methodology document for the Certification bodies in respect of

the audit work related to IACS cross-checks and data integrity to be performed in the

context of the annual certification audit EAGF/EAFRD expenditure" work in this part]

[please explain how the testing was conducted in line with section 11.3 of Guideline 2 and

how the samples were established].

8.2. EAGF IACS - Compliance testing / Test of controls - Control Activities

We confirmed our assessment of the control activities by carrying out the following compliance

tests/tests of controls against the key and ancillary controls as suggested in Guideline N° 2: [please

indicate the number of transactions tested]


Chapter X.X.X

Chapter X.X.X

[The minimum sample size should be established in line with Section 5.3 of Guideline No 2.

8.2.1. Control activities: Authorisation of payments – Key controls

[split according to the different schemes tested and the relevant key controls for the

particular scheme]

8.2.1.1. Findings

[Provide an analysis per major/intermediate findings and the corresponding

recommendations. Provide also a brief summary of the nature of deficiencies attributed a



1) ……….

2) ………

8.2.1.2. Assessment

[provide an assessment which would be reflected in the accreditation matrix grades]

8.2.2. Control activities: Authorisation of payments – Ancillary controls

[split according to the different schemes tested and the relevant ancillary controls for the

particular scheme]

8.2.2.1. Findings



46



1) ……….

2) ………

8.2.2.2. Assessment


8.3. EAGF Non-IACS - Compliance testing / Test of controls - Control Activities

8.3.1. Control activities: Authorisation of payments – Key Controls

[split according to the different measures tested and the relevant key controls for the

particular measure]

8.3.1.1. Findings





1) ……….

2) ………

8.3.1.2. Assessment


8.3.2. Control activities: Authorisation of payments – Ancillary Controls

[split according to the different measures tested and the relevant ancillary controls for the

particular measure]

8.3.2.1. Findings





1) ……….

2) ………

8.3.2.2. Assessment

[provide an assessment which will be reflected in the accreditation matrix grades]

47

9. SUBSTANTIVE TESTING

9.1. Test results in respect of the EAGF IACS population

9.1.1. Overview

Our sample selection (xxx) was based on …


[the CB should detail its sampling methodology and explain in summary how the PA drew

its sample (population, method, whole farm approach or not, etc), and how the CB

proceeded, for example taking into account considerations on cascade sampling. The CB

should state whether the representativeness of the PA's random OTSC sample was tested

and confirmed. In addition, the CB should explain what approach was used for the selection

of the sub-sample- parcels, animals, etc.in line with annex 2 of Guideline 2 on the two-stage

sampling. ]

9.1.2. Work done

We reviewed in total (xxx) and an additional xx transactions in respect of EAGF IACS, following

the requirements of the standard as stated above. The list of all cases appears in the Annex 4:

Incompliance Rate – EAGF IACS.


[Provide an overview of the net deviations (cf. section 3.1.1.c. of Annex 5 of Guideline 2)

listed in the Annex 4, and an analysis of the underlying causes. Where formal errors are

found, a clear conclusion has to be drawn that the formal errors indicated in Annex 4 do not

have a financial impact, and that these are not of a recurrent nature. Indicate also the

significance of the findings (major/intermediate/minor) including a reference to the

frequency with which they occurred.]

Item nr XXXX Budget

line(s)

XXXX

XXXX

Measure(s)

tested:

XXXX

XXXX

Beneficiary

reg. code:

XXXX

Specific

Legal basis:

XXXX

48

Description of the finding(s) per scheme/measure:

XXXXX

Impact:

XXX



9.2. Test results in respect of the EAGF Non-IACS population

(see the text above)

9.2.1. Overview

[The CB should detail how the sample was selected and whether all payments were tested,

mentioning the number of OTSC re-verifications conducted for EAGF Non-IACS. In

addition, the CB should explain what approach was used for the selection of the sub-sample-

invoices, etc.in line with annex 2 of Guideline 2 on the two-stage sampling.]

9.2.2. Work done

Annex 5: Incompliance Rate – EAGF Non IACS contains a detailed list of all transactions

checked and the detected errors, including their financial value.


[Provide an overview of the deviations (cf. section 3.1.1.c. of Annex 5 of Guideline 2) listed

in the Annex 5, and an analysis of the underlying causes. Where formal errors are found, a

clear justification has to be provided evidencing that the formal errors indicated in the

Annex 5 do not have a financial impact, and that these are not of a recurrent nature.




Measure: XXXX

Beneficiary

reg. code:

XXXX

Specific XXXX

49

Legal basis:


XXXXX

Impact:

XXX


[Only major and intermediate recommendations should be listed]

10. RECONCILIATION – ANALYTICAL PROCEDURES

10.1. BPS entitlements

10.1.1. Objective

We examined whether a proper system for the identification and registration of payment

entitlements has been set up with regard to the Basic Payment Scheme (BPS) in accordance with

Title III of Regulation (EU) No 1307/2013.

[If the system is managed centrally at national level, the CB of the central PA should cover this

part in its report. In that particular situation, this section would not be applicable for the other

PAs.]


[List the checks carried out for the review of the procedures, including:

that the Entitlement Register details are validated against historic reference period data and

agreed with each producer as part of the set-up of the BPS database (if applicable);

that appropriate controls are being applied to the establishment of the Scheme;

the correct application of the National ceiling to the process of establishing individual

entitlements under the scheme; and

the correct basis of allocation of the National reserve.

changes to the entitlements and final allocation of the entitlements is established in line with

the legal provisions;

the transfer and lease of BPS entitlements;

changes to the allocation of the National reserve.

50

[CY2015 (FY2016) is the first year in which the BPS entitlements are established. Thus, on the

basis of the audit work to be performed, the CB should be able to conclude that the value of the

payment entitlements for BPS was correctly established and the number of entitlements was

correctly allocated in the first year of application of BPS for BPS files tested for compliance

testing.]

We confirmed our assessment of the procedures by compliance testing on XXX (normally 10)

cases.

10.1.3. Conclusion

[To conclude whether a proper system for the identification and registration of payment

entitlements has been set up]


10.2. Review of IACS statistics – area-related aid schemes to be provided on 15 July

"N"(claim year "N-1") as referred to Article 9(1) of Commission Implementing

Regulation (EU) No 809/2014

10.2.1. Objective

To assess the reconciliation of the PA for the control statistics reported under area-related aid

schemes managed by the IACS (aid schemes under EAGF covered by the IACS, i.e. support

schemes under EAGF established under Annex I of Regulation (EU) No 1307/2013 of the European

Parliament and of the Council as referred to in Article 67 of Regulation (EU) No 1306/2013 of the

European Parliament and of the Council), and provided to the Commission in the framework of

Article 9(1) of Regulation (EU) No 809/2014.


[To confirm when (date and document number if applicable) the statistics11 were submitted to the

Commission.]

BPS/SAPS and area-related aid schemes

[The PA should reconcile the information provided under Article 9(1) electronically via

"STATEL/eDamis" to the underlying information in its information system/s. The CB is to check

that such a reconciliation has been made and is to confirm that there are no discrepancies, and

whether the data are automatically retrievable from the IT system/s of the PA or not.

The documentary evidence of this shall be held available in the PA to ensure at all times a

sufficiently detailed audit trail. The CB should follow-up whether such an audit trail exists and is

adequate.

11 In case multiple versions were submitted, quote both the date (and if applicable the document number) of the

first version submitted as well as the date (document number) of the version on which the Certification Body

has carried out its verification work as described under this chapter.

51

The CB should assess the PA's compilation and transmission of statistics against the reporting

requirements set out in the EU provisions, as further explained in the Commission Guidelines and

explanatory notes such as "Guidelines for the submission of control data and control statistics in

relation to direct payments schemes and rural development measures" up-dated on an annual

basis12.]

10.2.3. Findings

[The CB should report on the findings with reference to the particular element of the control

statistics.]

10.2.4. Conclusion

[To conclude whether the control statistics are correctly compiled and reconciled, in conformity

with the prevailing guidelines, and that there is an adequate audit trail. This conclusion can be

drawn based on the review of the procedures of the PA for establishing the control

statistics/questionnaires If the conclusion is adverse, please provide an analysis of the underlying

reasons; stating e.g., that:

the information in the IT system/s is inaccurate,

field inspection reports are not recorded on a timely basis,

etc.]


10.3. Reconciliation of IACS statistics – animal aid schemes to be provided on 15 July

"N"(claim year "N-1") as referred to Article 9(1) of Commission Implementing

Regulation (EU) No 809/2014

10.3.1. Objective

To assess the reconciliation of the PA for the control statistics reported on animal aid schemes

managed by the IACS, and provided to the Commission in the framework of Article 9(1) of



[To confirm when (date) the statistics13 were submitted to the Commission services.

The PA should reconcile the information provided under Article 9(1) electronically via

"STATEL/eDamis" to the underlying information in its information system/s. The CB is to check

that such reconciliation has been made and is to confirm that there are no discrepancies, and

whether the data are automatically retrievable from the IT system/s of the PA. The information

12 See document AGRI/2212393/2015 of 12/05/2015 and related annexes I to IV (last update of annexes II and

IV in November 2015)for the reporting due on 15 July 2016 for claim year 2015.

13 In case multiple versions were submitted, quote both the date (and if applicable the document number) of the

first version submitted as well as the date (document number) of the version for which the Certification Body

has carried out the under this chapter mentioned verification work.

52

regarding documentary evidence of this shall be available in the PA to ensure at all times a

sufficiently detailed audit trail. The CB should follow-up whether such an audit trail exists and is

adequate.


requirements set out in the EU provisions, as further explained in the Commission Guidelines and

explanatory notes such as "Guidelines for the submission of control data and control statistics in

relation to direct payments schemes and rural development measures", up-dated on an annual

basis].

10.3.3. Findings


statistics.]

10.3.4. Conclusion

[To conclude whether the control statistics are correctly compiled and reconciled and a sufficient

audit trail exists. This conclusion can be drawn based on the review of the procedures of the PA

for establishing the control statistics/questionnaires. If an adverse conclusion is given please

analyse and explain the underlying reasons, such as (e.g.):



etc.]


10.4. Review of the management declaration data

[The CB should use the results of its analytical procedures on the control data and statistics in order

to check how the error rates in the Management declaration (MD) were compiled. As the error rates

in the MD are aggregated, the CB should check the aggregated results in the MD on the basis of the

control data and the control statistics per scheme/measure]

10.4.1. Objective

To reconcile the information provided in the Management declaration to the underlying control data.


[see part 13.2 of Guideline 2]

10.4.3. Findings

[The CB should report on the findings with reference to the particular element of the MD:

Management declaration, error rates reported, follow up and state of play of conformity findings

described in Annexes III and IV to the MD.]

53

10.4.4. Conclusion


10.5. Review of Non-IACS statistics including statistics related to scrutiny of transactions

10.5.1. Objective

To verify whether the Paying Agency follows-up all potential irregularities revealed in the course of

the application of Chapter III of Title V (Scrutiny of transactions) of Regulation (EU) No 1306/2013

as communicated to the Commission services.


[To confirm when (date + document number) the statistics (the annual report related to the

recent scrutiny programme (Years n-1/n)) were submitted to the Commission services.

To review all the findings (potential irregularities) communicated by the Special

Department to the Paying Agency in order to check whether all cases reported upon are

appropriately taken care of by the Paying Agency.

Also to review the justifications provided in cases where the PA decided not to pursue

recovery or has so far taken no action.]

Commission européenne/Europese Commissie, 1049 Bruxelles/Brussel, BELGIQUE/BELGIË - Tel. +32 22991111 Functional mailbox: [email protected]

Scrutiny programme years n-2/n-1

Budget items

As reported in the years

n-2/n-1 annual report

(1)

Current situation (2) Confirmed by the responsible

authority (3)

Recovery orders issued

by the Paying Agency

(4)

Actual recoveries made


(5)

Cases suspended

(undergoing court's

examination) (6)

Amounts impossible to

recover (7)

Number of

irregularities

Amount

estimated

Number of

irregularities

Amount

estimated Number of irregularities

Amount

estimated

Number of

irregularities

Amount

estimated

Number of

irregularities

Amount

estimated

Number of

irregularities

Amount

estimated

Number of

irregularities

Amount

estimated

Totals 0 0 0 0 0 0 0 0 0 0 0 0 0 0

(1) These columns shall contain the information provided in the respective annual report

(2) These columns shall contain all irregularities detected up to date and corresponding to the years n-2/n-1 scrutiny period

(3) These columns shall contain the information based on the decisions of the Paying Agency or any other commission/committee responsible for the review of irregularities detected

(4) These columns shall contain the information based on the recovery orders issued by the Paying Agency

(5) These columns shall contain the information on the actual amounts recovered by the Paying Agency

(6) These columns shall contain the information on the cases which have been referred to the court and which are awaiting the court's decision

(7) These columns shall contain information on the cases for which recoveries are not possible -e.g. due to bankruptcy of beneficiary

55

Scrutiny programme years n-1/n

Budget items

As reported in the years

n-1/n annual report (1)

Current situation (2) Confirmed by the responsible

authority (3)

Recovery orders issued


(4)

Actual recoveries made


(5)

Cases suspended

(undergoing court's

examination) (6)

Amounts impossible to

recover (7)

Number of

irregularities

Amount

estimated

Number of

irregularities

Amount

estimated Number of irregularities

Amount

estimated

Number of

irregularities

Amount

estimated

Number of

irregularities

Amount

estimated

Number of

irregularities

Amount

estimated

Number of

irregularities

Amount

estimated

Totals 0 0 0 0 0 0 0 0 0 0 0 0 0 0

(1) These columns shall contain the information provided in the respective annual report

(2) These columns shall contain all irregularities detected up to date and corresponding to the years n-1/n scrutiny period [

(3) These columns shall contain the information based on the decisions of the Paying Agency or any other commission/committee responsible for the review of irregularities detected

(4) These columns shall contain the information based on the recovery orders issued by the Paying Agency

(5) These columns shall contain the information on the actual amounts recovered by the Paying Agency

(6) These columns shall contain the information on the cases which have been referred to the court and which are awaiting the court's decision

(7) These columns shall contain information on the cases for which recoveries are not possible -e.g. due to bankruptcy of beneficiary

10.5.3. Findings

[To report, as follows (these tables are provided by the PA, but should be checked and

confirmed by the CB and included in its report)]:

10.5.4. Conclusion

[To conclude whether the control statistics are correctly compiled and reconciled and a

sufficient audit trail exists. This conclusion can be drawn based on the review of the procedures

of the PA for establishing the control statistics/questionnaires. If an adverse conclusion is given

please analyse and explain the underlying reasons, such as (e.g.):



etc.]



10.6. Action Plans / DG AGRI's recommendations

10.6.1. Objective

[The CB is expected to verify if action plans referred to in the annual activity report linked to

DG AGRI's statement of assurance as well as to DG AGRI's conformity audits have been

established by the PA and to report on the progress against the outstanding actions and the

remedial actions actually implemented by the PA during the financial year audited.]

10.6.2. Work done

We reviewed the action plan established by the Paying Agency on … [date] to address the

serious weaknesses in … [control/measure/issue]. Our review included:

… [tests performed / checks made]

…

10.6.3. Findings and Assessment

In our opinion, the action plan … [addresses / does not address] the weaknesses. [Describe

outstanding issues] Clear milestones and resource requirements for the delivery of the plan

have been identified and made available [explain if not].

The implementation of the action plan is [on track/should be improved/… The progress made in

respect of the action plan should be clearly explained.]

57



11. OVERALL INCOMPLIANCE RATE EVALUATION

11.1. EAGF IACS - Evaluation of the total projected incompliance rate

Our evaluation of the incompliance rate for the same statistical sample strata/populations

is outlined below:

Basic data EAGF IACS

EAGF other

stata (if

applicable)

Amount of expenditure determined following random

on-the-spot checks (a)

Materiality (TM) 0 0

Estimated error

Sampling interval [if applicable ]

Confidence level

Sample size in term of hits



According to Annex XX



Projected Incompliance Rate (PIR)

Calculation of total error for the incomplaince rate:

Precision

Upper projected incompliance rate (UPI) 0 0

Known errors: according to Annex XX


Known errors: from other sources

Total Error for the incompliance rate 0 0

IRR = Total error / amount of expenditure (a)

Amount of expenditure (b)

Amount at risk =(a)x(b)

Materiality at expenditure level =2% x b

Conclusion:

Projected Incompliance Rate (PIR) 0 0


Consolidated IRR

Materiality 0 0

[In case the CB used Simple random sampling, lines with the number of transactions,

standard deviation of the pilot sample, as well as standard deviation of the total sample

need to be included]

A detailed table of all cases checked and the detected errors including their financial

value is attached (see Annex 4): Incompliance Rate – EAGF IACS) to this report.

58

Taking into consideration the total error for incompliance rate calculated and the overall

evaluation of the internal control system, we conclude on a maximum level of risk

below/above [please choose the appropriate] 2 % for the EAGF IACS population.

11.2. EAGF IACS – Confirmation of the control data/statistics and the Management

declaration

Assessment of internal control system 4 Works well

PA's error rate (control statistics,

Management Declaration – MD for this

population)

……..

Incompliance rate PIR<UPI<2 %

Confirmation of the control data/statistics

and the Management declaration

{please add your assessment] The

maximum level of risk is below 2% thus,

control data/statistics as well as the

reporting in the Management Declaration

can be confirmed in all material respects

Our evaluation is reflected in the Opinion.

[Note: in case the results are inconclusive i.e. UPI or PIR<2%, the CB should analyse

the reasons at scheme level and confirm or not certain control statistics. Please provide

explanations for which schemes the control statistics cannot be confirmed]

11.3. EAGF Non-IACS - Evaluation of the total projected incompliance rate


is outlined below:

59

Basic dataEAGF Non-

IACS

[if applicable]

EAGF strata



Estimated error

Sampling interval

Confidence level







0 0



Precision

Upper projected incompliance rate (UPI)

0 0



Known errors: from other sources 0 0

0 0

Total Error

0 0

Conclusion:



Consolidated IRR

Materiality


value is attached (see Annex 5): Incompliance Rate – EAGF Non IACS) to this

report.



below/above [please choose the appropriate] 2 % for the EAGF Non-IACS population.

11.4. EAGF Non-IACS - Confirmation of the control data/statistics and the Management

declaration




population)

……..








60



[Note: in case there are no control statistics for certain market measures, the CB should

review the internal control reporting on the basis of which the MD was prepared. in case

the results are inconclusive i.e. UPI or PIR<2%, the CB should analyse the reasons at

scheme level and confirm or not certain control statistics. Please provide explanations

for which schemes the control statistics cannot be confirmed.]

11.5. Certifying error rate for reduction of control rate

[Please delete the text below and indicate “Not applicable” if the PA does not intend

to reduce the control rate]

In accordance with Article 41 of Regulation (EU) No. 908/2014 for the purpose of

reduction of the control rate, the error rate for the concerned population needs to be

certified. For claim year 20XX, for the scheme… [for example BPS/SAPS] we have

tested … files of the random OTSC sample of the PA and calculated the respective error

rate (Annex 4 a). We have not found error/we have found one or more errors (amounting

to………).


61



Our work resulted in a number of findings which led to various recommendations. We

have categorised these findings and recommendations into two groups [accreditation

findings and legality and regularity findings). For each finding, a level of importance

was attributed in accordance with the following grading.




to grade (1) in the accreditation matrix14 (refer to Guideline

No 1 of accreditation).
















The categories we used to classify our findings in respect of the legality and regularity

of expenditure are as follows:

- Major Findings Matters relating to weaknesses in the key controls - which

require immediate attention at a senior level within the Paying

Agency. (See lists of Key and Ancillary controls as made

available on CIRCABC.15).

- Intermediate Findings Matters relating to weaknesses in the ancillary controls -

which require prompt attention at an appropriate level within

the Paying Agency.

- Minor findings Matters relating to other weaknesses which require attention at

an appropriate level.

14 See Guideline no. 1 in respect of the accreditation.

15 Library > Audit of agricultural expenditure > New guidelines on the calculation on the financial corrections

C(2015)3675 > Final list of Key and Ancillary controls

https://circabc.europa.eu/faces/jsp/extension/wai/navigation/container.jsp?FormPrincipal:_idcl=navigationLibrary&FormPrincipal_SUBMIT=1&org.apache.myfaces.trinidad.faces.STATE=DUMMY&id=a392af30-1e6d-4e08-ac96-ab18399f2eaf&javax.faces.ViewState=rO0ABXVyABNbTGphdmEubGFuZy5PYmplY3Q7kM5YnxBzKWwCAAB4cAAAAAN0AAIxNHB0ACsvanNwL2V4dGVuc2lvbi93YWkvbmF2aWdhdGlvbi9jb250YWluZXIuanNw

https://circabc.europa.eu/faces/jsp/extension/wai/navigation/container.jsp?FormPrincipal:_idcl=navigationLibrary&FormPrincipal_SUBMIT=1&org.apache.myfaces.trinidad.faces.STATE=DUMMY&id=e4e041ab-f8a1-48c7-bad2-2cae7de16e73&javax.faces.ViewState=rO0ABXVyABNbTGphdmEubGFuZy5PYmplY3Q7kM5YnxBzKWwCAAB4cAAAAAN0AAIxNHB0ACsvanNwL2V4dGVuc2lvbi93YWkvbmF2aWdhdGlvbi9jb250YWluZXIuanNw

https://circabc.europa.eu/faces/jsp/extension/wai/navigation/container.jsp?FormPrincipal:_idcl=navigationLibrary&FormPrincipal_SUBMIT=1&org.apache.myfaces.trinidad.faces.STATE=DUMMY&id=87d4a972-49f2-4be9-95e7-75b43498696a&javax.faces.ViewState=rO0ABXVyABNbTGphdmEubGFuZy5PYmplY3Q7kM5YnxBzKWwCAAB4cAAAAAN0AAIxNHB0ACsvanNwL2V4dGVuc2lvbi93YWkvbmF2aWdhdGlvbi9jb250YWluZXIuanNw


https://circabc.europa.eu/faces/jsp/extension/wai/navigation/container.jsp?FormPrincipal:_idcl=navigationLibrary&FormPrincipal_SUBMIT=1&org.apache.myfaces.trinidad.faces.STATE=DUMMY&id=7db4c53d-bc29-4084-9d9a-e8897a4bfabe&javax.faces.ViewState=rO0ABXVyABNbTGphdmEubGFuZy5PYmplY3Q7kM5YnxBzKWwCAAB4cAAAAAN0AAIxNHB0ACsvanNwL2V4dGVuc2lvbi93YWkvbmF2aWdhdGlvbi9jb250YWluZXIuanNw

62

Recommendations related to minor findings are (in principle) not included in this reports

but are communicated separately to the Paying Agency's management in our letter of

recommendations. A list of minor recommendations is available to the Commission on

request.

12.2. Major Findings (by population – IACS and non-IACS)

[When applicable:] We identified a number of issues giving rise to major


[Note that a major accreditation finding should be linked to a grade 1 ("not working")

score in the matrix tables. Exceptions to this rule may only be granted in very particular

circumstances and need to be duly justified and explained. A major legality and

regularity finding should be translated into grade 1 or 2 depending on the overall impact

on the compliance with the accreditation criteria by the Paying Agency]

The following major findings were established in respect of accreditation/internal control

system issues:


Agency

CB assessment

of PA response

The following major findings were established in respect of legality and regularity

issues:


Agency

CB assessment

of PA response

12.3. Intermediate Findings (by population – IACS and non-IACS)



The following intermediate findings were established in respect of accreditation/internal

control system issues:


Agency

CB assessment

of PA response

The following intermediate findings were established in respect of legality and

regularity issues:


Agency

CB assessment

of PA response

13. FOLLOW-UP OF PREVIOUS YEARS' RECOMMENDATIONS

The following tables include previous years' major and intermediate recommendations,

the progress made against the outstanding recommendations, comments by the Paying

Agency and the assessment of the response by the Certification Body. The follow-up of

the financial errors is indicated in a separate table below.

63

[The CB is expected also to report on the implementation status of the recommendations

arising from DG AGRI's conformity audits. The information provided should be limited to

major findings and deficiencies which the PA should have normally included in Annex III of

the Management Declaration]

Major recommendations

In respect of accreditation/internal control system issues the situation is as follows:

Recommendation Status Response of Paying

Agency

Position of the

Certification

Body

[short description with

reference to the report

when the finding was

made]

[implemente

d/partly/not

implemented

]

[summary of the reply] [if the reply

/actions taken

are appropriate]

In respect of conformity/legality and regularity issues the situation is as follows:


Agency

Position of the

Certification

Body




made]

[implemente

d/partly/not

implemented

]


/actions taken

are appropriate]

Intermediate recommendations



Agency

Position of the

Certification

Body




made]

[implemente

d/partly/not

implemented

]


/actions taken

are appropriate]



Agency

Position of the

Certification

Body




made]

[implemente

d/partly/not

implemented

]


/actions taken

are appropriate]

64

Financial errors


Agency

Position of the

Certification

Body




made]

[implemente

d/partly/not

implemented

]


/actions taken

are appropriate]

13.1.1. Conclusion

[To conclude whether the PA followed-up properly all the potential irregularities

communicated by the Special Department during the financial year related to the most recent

scrutiny years (n-2/n-1 and n-1/n), and whether proper justifications were provided for those

cases where the PA decided not to pursue recovery.]


65

SECTION B – EAFRD

66

14. EXECUTIVE SUMMARY

14.1. Introduction

Following our appointment as auditors by the [name of national body, as appropriate], on the

[date of appointment] [if applicable], for a duration of [number of years/financial exercises] we

have performed an audit of the [name of Paying Agency] pursuant to Article 9 (2) of Regulation

(EU) No 1306/2013 of the European Parliament and of the Council in relation to its role as

Paying Agency. This audit related to the Paying Agency’s operation of the European Agricultural

Fund for Rural Development (EAFRD) for the financial year ended 15 October 20YY. The audit

was undertaken in accordance with internationally accepted auditing standards and entailed

consideration of the matters, set out in Article 5 (4) of Commission Implementing Regulation

(EU) No 908/2014.

We are also required to provide an opinion as to whether the annual accounts for the EAFRD

year ended 15 October 20YY are a true, complete and accurate record of the amounts charged to

the Fund, whether the internal control procedures have operated satisfactorily and whether the

expenditure declared to the Fund is legal and regular. This opinion is contained in the Audit

Opinion presented as part C of this report. We are further required to indicate whether our

examination puts in doubt any assertions made in the management declaration. A separate section

of the opinion deals with the Management Declaration.

Our work was performed in accordance with the requirements of Article 9 of Regulation (EU)

No. 1306/2013 and Articles 5 to 7 of Commission Implementing Regulation (EU) No 908/2014.

The format of this report is in accordance with the Commission Guidelines.

Our work covered the Paying Agency's compliance with the accreditation criteria, the existence

and functioning of the key internal controls and the procedures for ensuring compliance with EU

rules, the legality and regularity of expenditure claimed for reimbursement from the Commission

and the procedures for the protection of the financial interests of the EU. The findings and

recommendations arising from our work are summarised in this Chapter and detailed under the

relevant Chapters.

This report results primarily from the work undertaken by us since our appointment as a

Certification Body to the Paying Agency in relation to the financial year ended 15 October

20YY. [Where applicable] It also draws upon the work performed by ……. [external audit body]

or by the Internal Audit Unit of the Paying Agency [refer to section…..]. Additionally, we also

considered audit evidence obtained from other providers, both internal and external, the details of

which are outlined in Annex 2 to this report. Annex 1 to this Report contains a Glossary of

Abbreviations used.

14.2. Conclusions at fund level per objective

Our audit work and reporting were designed according to the following audit objectives:

Audit objective 1- Audit of the annual accounts ("accounts")

Audit objective 2- Legality and regularity of expenditure ("legality and regularity"),

including the Management declaration

The proper functioning of the internal control system is covered under both audit objectives.

Article 5 (4) of Commission Implementing Regulation (EU) No 908/2014, sets the questions

which the certification body is required to respond to. These questions and our conclusions are

set out below.

67

Requirement per Article 5 of

Regulation 908/2014

Part/Audit

objective

Conclusion

The Paying Agency complies

with the accreditation criteria.

A and B;

Audit

objectives 1

and 2

For our overall opinion in this respect, refer to the

Audit Opinion (see also the internal control

system).

In general, the Paying Agency complies with the

accreditation criteria [when applicable:] except…..

[summarise major accreditation issues]

Key recommendations are summarised in

subsection 25 below and are elaborated in more

detail in the relevant sections of this report.

The annual accounts referred

to in Article 29(chapter III) of

Regulation No 908/2014 are in

accordance with the books and

records of the Paying Agency.

B; Audit

objective 1

For details of our opinion in this respect see the

Audit Opinion.

The statements of expenditure,

and of intervention operations

[delete reference to

intervention if not applicable],

are a materially true, complete

and accurate record of the

operations charged to the

EAFRD.

B; Audit

objective 1


Audit Opinion.

The financial interests of the

Union are properly protected

as regards advances paid,

guarantees obtained,

intervention stocks [delete

reference to intervention if not

applicable]and amounts to be

collected.

B; Audit

objective 1

The financial interests ….

For advances and guarantees ...

Reporting and reconciliation procedures for

intervention are…..

The recovery of amounts outstanding is ...

The completeness of Annex II/III is ensured and

detailed observations are included in section 18 of

the report.

The Paying Agency's

procedures are such as to give

reasonable assurance that the

expenditure charged to the

EAFRD was effected in

compliance with Union rules,

thus ensuring that the

underlying transactions are

legal and regular, and that

recommendations for

improvements, if any, have

been followed-up.

B; Audit

objective 2


Audit Opinion.

68

14.3. Overall assessment of the internal control system and compliance with the

accreditation criteria

14.3.1. Standard

Our assessment is based on our review of the internal control system (ICS) of the Paying Agency,

including its compliance with the accreditation criteria. It is summarised in the matrix below

using the following assessment criteria:

(1) Not working. There is a clear non-respect of one or more accreditation criteria or there are

serious deficiencies. The seriousness of the deficiencies are such that the Paying Agency cannot

fulfil the tasks set out in Article 7 of the Regulation (EU) No 1306/2013. Not all risks are

addressed by controls and/or there are likely to be frequent control failures. ICS functions poorly

or does not function at all. The deficiencies are systemic and wide-ranging. High deviations were

found that were not detected by the PA’s internal control system. As a consequence, no assurance

can be obtained from the system. Scores = [1; 1,5]

(2) Works partially. There are other deficiencies which do not fall under (1), but which would

have to be followed-up according to Article 2 (1) of Commission Implementing Regulation (EU)

No 908/2014. All risks are addressed to some extent by controls which may not always operate as

intended. Moderate deviations were found, which affected substantially the effectiveness of

controls AND only part of these moderate deviations was detected by the PA’s ongoing controls

and corrected by the PA itself. Scores = [1,51; 2,5]

(3) Works. Minor issues were detected but there is scope for improvement. All risks are

adequately addressed by controls which are likely to operate effectively with some deficiencies

having a moderate impact on the functioning of the key requirements. Only minor deviations

were found, which did not affect substantially the effectiveness of controls OR if those moderate

deviations affected substantially the effectiveness of controls the PA’s ongoing controls detected

them and the self-correcting mechanism of the PA operated. Scores = [2,51; 3,5]

(4) Works well. No deficiencies or only minor deficiencies were found. All risks are adequately

addressed by controls which are likely to operate effectively. No exception was found OR only

minor (formal) deviations were found which did not affect substantially the effectiveness of

controls and did not lead to financial errors. Scores = [3,51; 4,0]

In cases where the procedure / component is not valid, it is indicated as not-applicable (N/A). Our

assessment is partly based on reviews carried out in previous financial years, where we have

confirmed that no major changes in the procedures / components have occurred; in such cases our

assessment is indicated in brackets "( )". As regards our assessment of the Internal Audit service,

if certain areas are still to be audited by Internal Audit, we base our assessment on the adequacy

of the five year audit plan. In such circumstances our assessment is also indicated in brackets "(

)".

14.3.2. Detailed Assessment

Matrix I below concerns schemes under EAFRD covered by the IACS, i.e. support schemes

under EAFRD established under Chapter II of Title V (articles 67 to 78) of Regulation 1306/2013

of the European Parliament and of the Council. Matrix II below concerns schemes under EAFRD

not covered by the IACS. The general conclusion (overall scores at IACS and Non-IACS level)

are provided in accordance with Section 5.4 of Guideline 2 and reflected in our Audit Opinion.

[The matrices should be prepared on the basis of the matrices used for objectives –"accounts"

and 2-("legality and regularity"), by merging the matrices developed for each objective].

69

[A separate matrix should be prepared for each population or strata tested because of the

audit work conducted for objective 2 at population level. However, as the audit work for audit

objective 1 is conducted at Fund level, the same scores should appear per IACS and Non-IACS.

In addition, if some processes like debt management or execution of payments is conducted in

the same way for the two Fund, the same scores will appear in the matrices in Part A and B. ]

IACS

S

T a t

10 %

o r

15 % S

T a t

5 % S

T a t

5 % S

T a t

5 0 % S

T a t

5 % S

T a t

10 % S

T a t

10 % S

T a t

5 % W T

We ig ht

e d

to ta l

Adminis tra tiv

e co ntro ls 4 0,4 4 0,2 2 0,1 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 2 0 % 3 ,15 0,63

On-the-s po t

co ntro ls 4 0,4 4 0,2 2 0,1 2 1,0 3 0,15 3 0,3 2 0,2 4 0,2 2 0 % 2 ,0 0 0,40

4 0,6 4 0,2 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 15 % 3 ,2 5 0,49

4 0,6 4 0,2 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 15 % 3 ,2 5 0,49

4 0,6 4 0,2 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 10 % 3 ,2 5 0,33

4 0,6 4 0,2 2 1,0 3 0,15 3 0,3 3 0,3 4 0,2 2 0 % 2 ,0 0 0,40



Cla im

pro ces s ing,

inc luding

va lida tio n and

auto ris a tio n


Acco unting


Debts management


D e le g a t io

n

C o m m u

nic a t io nIS S

O n-

g o ing

m o nit o r

ing

Int e rna l

a ud it


M a trix I - A s s e s s m e nt o f the IC S fo r the IA C S po pula t io n

A s s e s s m e nt

c o m po ne nt


C o ntro l

a c t iv it ie s



a t

a s s e s s m e nt

c rite ria

Ge ne ra

l

c o nc lu


o nHR

Key to the table:

S – Score – should correspond to the assessments in Chapter 4

W – Weight given to each assessment criteria and the Internal Control System –

corresponding to section 5.4 of Guideline No 2

T – Total = Weight * Score

[EITHER:]

The overall assessment of the Internal Control System for the IACS population is [select one:

does not work; it works partially; it works; it works well]

[Or]

On the basis of the internal control matrix above, the conclusion on the internal controls system

for the IACS population would be that [select one: it does not work; it works partially; it works;

it works well]. However, we do not agree with this conclusion. Our assessment used to determine

the sample size for substantive testing is [select one: does not work; it works partially; it works;

it works well] for the following reasons:

[ please elaborate]

70

Non-IACS

S

T a t

10 %

o r

15 % S

T a t

5 % S

T a t

5 % S

T a t

5 0 % S

T a t

5 % S

T a t

10 % S

T a t

10 % S

T a t

5 % W T

We ig ht

e d

to ta l

Adminis tra tiv

e co ntro ls 4 0,4 4 0,2 2 0,1 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 2 0 % 3 ,15 0,63

On-the-s po t

co ntro ls 4 0,4 4 0,2 2 0,1 2 1,0 3 0,15 3 0,3 2 0,2 4 0,2 2 0 % 2 ,0 0 0,40

4 0,6 4 0,2 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 15 % 3 ,2 5 0,49

4 0,6 4 0,2 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 15 % 3 ,2 5 0,49

4 0,6 4 0,2 3 1,5 3 0,15 3 0,3 3 0,3 4 0,2 10 % 3 ,2 5 0,33

4 0,6 4 0,2 2 1,0 3 0,15 3 0,3 3 0,3 4 0,2 2 0 % 2 ,0 0 0,40



Cla im

pro ces s ing,

inc luding

va lida tio n and

auto ris a tio n


Acco unting


Debts management


D e le g a t io

n

C o m m u

nic a t io nIS S

O n-

g o ing

m o nit o r

ing

Int e rna l

a ud it


M a trix I - A s s e s s m e nt o f the IC S fo r the N o n-IA C S po pula t io n

A s s e s s m e nt

c o m po ne nt


C o ntro l

a c t iv it ie s



a t

a s s e s s m e nt

c rite ria

Ge ne ra

l

c o nc lu


o nHR

[Note: The above matrices are as per Guideline Nº 2 on the annual certification audit. It

provides a precise mathematical calculation of the overall assessment, based on the results of the

testing reported in chapter 4 on compliance with the accreditation criteria. However, the

Commission seeks the auditor's professional judgement. Therefore, if the CB is of the opinion

that the resulting general conclusion presents a misleading assessment of the Internal Control

System, the CB should:

1. Disregard the calculated general conclusion;

2. Indicate its professional assessment of the functioning of the Internal Control

System;

3. Clearly explain the basis on which the CB made a different assessment. In all cases,

the assessment should be in line with section 5.4 of Guideline NO 2, i.e. 1 = does

not work; 2 = works partially; 3 = works; 4 = works well.]

[EITHER:]

The overall assessment of the Internal Control System for the IACS population is [select one:

does not work; it works partially; it works; it works well]

[Or]

On the basis of the internal control matrix above, the conclusion on the internal control system

for the non-IACS population would be that [select one: it does not work; it works partially; it

works; it works well]. However, we do not agree with this conclusion. Our assessment used to

determine the sample size for substantive testing is [select one: does not work; it works partially;

it works; it works well] for the following reasons…please elaborate]

14.3.3. Overall assessment of the Internal Control System

Our overall assessment of the internal control system and compliance with the accreditation

criteria for the EAFRD is as follows:

71

Population / Strata Assessment

EAFRD – IACS

EAFRD – non-IACS

Strata (please specify)

72

15. AUDIT STRATEGY OF THE CERTIFICATION BODY

[Note: the purpose here is not to repeat what is written in Guideline No 2 on the audit strategy.

The CB should explain the factors it considered in the overall approach and the results of the

risk assessment implemented as part of the audit strategy. Only in case the CB decided to

deviate from the standard approach (described in Guideline 2) or modified its approach e.g. by

applying specific sampling parameters, this should be duly explained.]

15.1. Audit risks and Control Risks assessment per population/measure

[provide a short summary on the results of the risks assessment for the fund per

population/measure in accordance with the guidance in section 4.1 of Guideline 2 related to the

audit risk model.

15.2. Summary of Audit Strategy and Audit Plan for EAFRD

• Audit scope and objectives;


• Audit assurance and materiality per audit objective;

We based our assessment of the internal control system on the previous year's report. [However,

if this was not the case it would have to be explained what it was based on.]


• Systems and controls per audit objective;





• Risk assessment per audit objective;

[provide a short summary on the control risk assessment (the assessment of Inherent risk

and control risk) at least per population in line with the table on p. 16 of Guideline 2.

This should be linked to the assessment of the ICS and the system assurance.]





• The audit approach per audit objective;

[provide a short summary which should include the sampling approach per

population/strata, dual-purpose testing, etc]

[If the CB chose to apply the "Methodology document for the Certification bodies in

respect of the audit work related to IACS cross-checks and data integrity to be performed

73

in the context of the annual certification audit EAGF/EAFRD expenditure", it should be

described here]





• Re-verification of on-the-spot controls;

[Describe the method used for the re-verification of on-the-spot controls (e.g.

accompaniment of the PA's inspector, re-performance by the CB's own auditor,

delegated; classical or control with remote sensing whether there were rapid field visits.

Describe whether the representativeness of the PA's random OTSC sample was tested

and confirmed).

For the time constrained measures, the timing of the re-verification needs to be

mentioned as well. In particular, the CB should explain which procedures allowed the

re-verification to be done as soon as possible after the PA's OTSC, and any specific

consideration regarding the timing]

[Particularly for the non-IACS measures, elaborate on the key elements of the re-

verifications for the measures selected and how the sub-sampling elements on the

payments were selected for on-the-spot re-verifications (e.g.: based on invoices, nature

of cost declared, etc).]

• The nature and extent of the CB's reliance on the work of Internal Audit, third

party subcontracted auditors, specialists and experts, third party certificates from bodies

accredited for the chosen international standard, etc.16;

[The CB may rely on the work of other auditors or technical experts

It should conduct sufficient work to get assurance on the appropriateness and quality of

this work. See International Standard on Auditing ISA 600 " Using the work of another

auditor", International Standard on Auditing (ISA) 610, “Considering the Work of

Internal Audit” and ISA 620 "Using the work of an expert".

Provide a description of the work done by third parties and how the CB gained

assurance of the quality of that audit work/which monitoring mechanisms were there in

place/what monitoring mechanisms were there in place. In case of changes of CB,

explain to which extend the (new) CB relies on the work of the previous one, e.g. re-

verifications already performed, sampling parameters already established.

16 The Certification Body may rely on the work of other auditors, such as original audit work done by the

Paying Agency’s Internal Audit function or by third party subcontracted auditors, specialists and experts,

third party certificates from bodies accredited for the chosen international standard, etc. However, the

Certification Body should conduct sufficient work itself to give assurance on the appropriateness and

quality of this work. See International Standard on Auditing ISA 600 " Using the work of another auditor",

International Standard on Auditing (ISA) 610, “Considering the Work of Internal Audit” and ISA 620

"Using the work of an expert".

74

In case only when a part of the reverification only is done by another party, this section

should be filled.

• Any assumptions and estimations made during the course of the review;


• Plan of audit activities;


[Other information if applicable]

[Describe any other relevant information concerning the governance of the Paying

Agency which was in one way of the other taken into consideration when designing the

audit strategy.]

15.3. Resources

The audit team of the Certification Body in respect of the EAFRD which performed the work

comprised N professional staff. The resources dedicated to the project varied during the year as

required. The qualifications of the personnel involved are summarised as follows:

Chartered Accountants Others TOTAL

Person days Person days Person days

N° N° N°

[In the case the Certification Body externalised the re-verifications] For the re-reverifications, the

team which performed the work comprised N professional staff. The resources dedicated and the

qualifications of the personnel involved are summarised as follows:

Qualification Person days

N°

Total N°

75

EAFRD - PART A –Audit objective 1- Audit of the annual accounts

16. COMPLIANCE WITH ACCREDITATION CRITERIA – REVIEW OF THE INTERNAL

CONTROL SYSTEM


assessment of the internal control system and for our assessment in respect of the Paying

Agency's compliance with the accreditation criteria per internal control procedure / component as

indicated in the Accreditation Matrix used for audit objective 1. We have assessed the

compliance with the accreditation criteria by using the grading "1" to "4". Our overall assessment

is outlined below:


c o n

c lus

io n

10% 0 5% 0 5% 0 50% 0 5% 0 10% 0 10% 0 5% 0 2 5% 0

10% 0 5% 0 5% 0 50% 0 5% 0 10% 0 10% 0 5% 0 2 5% 0

10% 0 5% 0 5% 0 50% 0 5% 0 10% 0 10% 0 5% 0 17% 0

10% 0 5% 0 5% 0 50% 0 5% 0 10% 0 10% 0 5% 0 3 3 % 0

Weighting /

Sco ring

Execution o f

payments

Accounting

Advances and

securit ies

Deb ts

management

M A TR IX - A s s e s s me nt o f t he IC S ( aud it o b je c t ive 1) f o r EA F R D

A s s e s s me nt

c o mp o ne nt

P ro c e d ure

Int e rna l e nv iro nme nt

C o nt ro l

ac t iv it ie s

Inf o rmat io n and

c o mmunic a t io n M o nit o ringEva luat io n a t

a s s e s s me nt

c rit e ria

Ge ne r

a l

c o nc l

us io n

O rg anis a t io

na l

s t ruc t ure

Human

re s o urc e s

Communicatio

n I.S . Sec.

Ongo ing

monitoring Internal A ud it

D e le g a t e d

t a s ks

16.1. Understanding the entity/processes

[in line with Guideline 2 part 4.2, describe the audit activities performed, the processes

reviewed and insert the main conclusions regarding the control environment, particular

risks and any development having occurred during the FY]

16.2. Compliance testing / test of controls - Control Activities

We confirmed our assessment of the accreditation procedures against the control activities by

carrying out the following compliance testing/test of controls as suggested in Guideline N° 2:

[please indicate the number of transactions tested]


Payment procedures Chapter X.X.X

Accounting procedures Chapter X.X.X

Advances/securities Chapter X.X.X

Procedures for debts Chapter X.X.X

76

[The minimum sample size should be established in line with Section 5.3 of Guideline No

2. The allocation of the sample for the compliance tests defined as the minimum sample

size at Fund level among the different populations/strata, is to be determined by the CB

based on its professional judgement.]

16.3. Evaluation per accreditation criterion

Annex I of Commission Delegated Regulation (EU) No 907/2014 sets out the accreditation

criteria. [Procedures are to be reviewed in accordance with Guidelines Numbers 1 and 2. Based

on the review of the control environment and the accomplished compliance testing, provide the

assessment and findings for each control procedure. Scores (using the scoring system for

accreditation criteria) are to be provided separately for IACS and Non-IACS. Financial errors

(with financial impact on the accounts) are also to be reported and considered in the overall

error evaluation, section 1.6.1. This should include an assessment of whether the deficiency is an

isolated instance or represents a generic issue.

16.3.1. Control activities: Procedures for payment

16.3.1.1. Findings


recommendation. Provide also a brief summary of the nature of deficiencies attributed

a grading of 3, formal errors, confirm that these have no financial impact, and that

these do not represent a generic/system issue Describe the financial errors that were

detected]

1) ……….

2) ………

16.3.1.2. Assessment


16.3.2. Control activities: Procedures for accounting

16.3.2.1. Findings





detected]

1) ……….

2) ………



16.3.3. Control activities: Procedures for advances and securities

16.3.3.1. Findings





detected]

1) ……….

2) ………

77



16.3.4. Control activities: Procedures for debts

16.3.4.1. Findings





detected]

1) ……….

2) ………



16.4. Other accreditation components

We confirmed our assessment of the other accreditation components against the standard (Annex

I of Commission Delegated Regulation (EU) No 907/2014) by carrying out reviews/tests to

ensure the Paying Agency's compliance with the criteria. [Procedures to be reviewed in

accordance with Guideline No 1 and No 2. Based on the review provide here an assessment per

accreditation component. Scores (using the scoring system for accreditation criteria) are to be

provided. There should be a clear distinction between IACS and non-IACS (if relevant). All

findings and recommendations related to grading of 1-3 should be reported. Financial errors

(with financial impact on the accounts) are also to be reported and to be considered in the

overall error evaluation. It should be assessed whether the deficiency is an isolated instance or

represents a generic issue.]

16.4.1. Internal environment: Organisational structure

16.4.1.1. Description of the organisational structure

The Headquarters of the Paying Agency are located at … [address]. The Headquarters employ

XXX persons corresponding to the full-time equivalent of YYY staff. [if only part of the staff

works on PA matters:] Out of the staff of the institution, ZZZ persons work on tasks related to

paying agency functions.

The Paying Agency also has WWW regional/local offices. The total number of people employed

at these offices is VVV persons corresponding to the full time equivalent of PPP staff.

16.4.1.2. Findings





detected]

1) ……….

2) ………



78

16.4.2. Internal environment: Human-resource standard

16.4.2.1. Findings



a grading of 3, formal errors confirm that these have no financial impact, and that


detected]

1) ……….

2) ………



16.4.3. Internal environment: Delegation

16.4.3.1. Summary of delegated tasks

The Paying Agency has delegated tasks to other institutions (referred to as delegated

bodies") as per the table below:

Name of the Institution Type of tasks delegated Date of the delegation

agreement

National Forestry Agency

(EU Coordination Unit)

EAFRD Non-IACS on-the-

spot controls

Signed: 22.01.2011,

updated: 25.02.2014

…

We confirm that the rules and guidelines regarding the delegation of tasks are described in detail

in the delegation agreements listed above [when applicable:] as well as in the … [applicable

legal text: law/regulation/ministerial decree, number and date]. In addition, the Paying Agency

issued a set of instructions for each specific scheme, which covers the quality aspects and the

reporting on the delegated tasks.

16.4.3.2. Findings





detected]

1) ……….

2) ………



79

16.4.4. Information and communication: Communication

16.4.4.1. Findings





detected]

1) ……….

2) ………



16.4.5. Information and communication: Information Systems Security

16.4.5.1. Standard

Annex I, 3 B of Regulation (EU) No 907/2014.

16.4.5.2. Work Done (by population – IACS and non-IACS)

We reviewed the compliance of the "Information Systems Security" with the requirements of the

standard as stated above. Our services have carried out sufficient work to provide assurance on

the appropriateness and quality of any work performed by other auditors, specialists and experts17

in the following areas: xx;xx;xx [if applicable].

The table below indicates the overall situation:

Yes / Not Applicable No / Not Applicable

The yearly expenditure of

the paying agency is more

than €400 million:

[if no, please provide here the

standard used by the PA (e.g.

ISO 27002:2013 / BSI /

COBIT)**]

The paying agency has

obtained ISO 27001:2013

certificate/ISO 27001-

Zertifikat auf der Basis von

IT-Grundschutz:

[please provide the date

of issue and the date of

validity]

[if no, and the expenditure is

more than €400 million,

please provide further

explanations below]

The certificate* covers all

key tasks of the paying

agency:



17 See International Standard on Auditing (ISA) 610, “Considering the Work of Internal Audit” and ISA

620 "Using the work of an expert".

80

The certificate* covers

also delegated tasks:



* For German paying agencies, the certificate is covering the interfaces to IT service

providers which are responsible for the provision of outsourced IT application

environments (where these are not provided in-house) and to other bodies which carry

out delegated and outsourced paying agency tasks according to the 'Model of the

information domain for EU paying agencies' (Modell Informationsverbund für EU-

Zahlstellen).

** Please note that the standard in case of ISO is 27002:2013 for financial year 2016

(Annex I, 3 B of Regulation (EU) No 907/2014).

[In case the paying agency has obtained a valid ISO 27001:2013 certificate (for German

paying agencies ISO 27001 certificate based on IT Grundschutz), and the scope of the

certificate covers all key tasks of the paying agency, then the CB can rely on the

certificate and no additional assurance work is required. The CB should provide the

certificate as an annex to its report or a corresponding reference. However, in case the

scope of the certificate is not covering all key and delegated tasks of the paying agency,

then the CB should conduct sufficient work in the areas not covered by the certificate and

report on them accordingly; or refer to 3rd party audit report. Nevertheless, in case the

certificate was issued at the very end of the financial year 2016 or later (and therefore it

was not valid for the full period of the financial year), the CB may consider to carry out

some additional audit work based on its risk assessment.]

*** Assessed in accordance with the Statement of Applicability; and considering that

delegated bodies must assure the same level of information security that is required for a

paying agency.

[Delete if not appropriate:] The 3rd party certificate can be found [in annex/at the following

address: https://.....].

[Delete if not appropriate:] As [a] Delegated Bodies[y] are[is] not covered in the ISO/BSI 27001

certificate or the Paying Agency is not ISO/BSI 27001 certified, the table(s) below describes the

situation:

Name of the Delegated Body(ies): ________________________________________

Control (Yes/No/NA) If not, please justify and/or provide possible

comments below.

The Service Level Agreement

between the Paying Agency and the

delegated body or Agreement or

Memorandum of Understanding

includes provisions on information

systems security for the delegated

body.

81

The Paying Agency is monitoring

that the security provisions in the

agreements are complied with (e.g.

by reviewing regular reporting from

the Delegated Body).

The Internal Audit Service is

carrying out audits in the delegated

body(ies) covering also IT security

issues.

Other units in the Paying Agency or

service provider(s) are carrying out

audits in delegated bodies covering

also IT security issues.

The Certification Body is carrying

out audits in the delegated body(ies)

covering also IT security issues.

[Provide more tables if needed in case of several Delegated Bodies with a different

status/situation]

16.4.5.3. Assessment and Findings (by population – IACS and non-

IACS)

[If certified, the CB should refer to that.]

[In case the PA has not been certified / or relating to areas and/or delegated tasks not

covered by the certificate / or based on the CB's risk assessment: Provide here

explanations of all significant findings for each domain of the chosen international

standard. If there are no findings for a particular domain then state that "Our review has

identified no findings in this domain".]

[For example: If the paying agency has chosen ISO 27002 as the basis of its information

security, the certification body should review and report on each of the following

domains:

- Information security policies

- Organization of information security

- Human resource security

- Asset management

- Access control

- Cryptography

- Physical and environmental security

- Operations security

- Communications security

- System acquisition, development and maintenance

- Supplier relationship

- Information security incident management

- Information security aspects of business continuity management

- Compliance]

82

16.4.5.4. Recommendations (by population – IACA and non-IACS)

[List here the major/intermediate recommendations only in case not already reported in

chapter 1.7.]

In our opinion, the scoring for this component is [1 – 4].

16.4.6. Monitoring: Ongoing monitoring via internal control activities

16.4.6.1. Findings



a grading of 3, formal errors, and confirm that these have no financial impact, and that


detected]

1) ……….

2) ………



16.4.7. Monitoring: Separate evaluations via an internal audit service

16.4.7.1. Findings



a grading of 3, formal errors, and confirm that these have no financial impact, and that


detected]

1) ……….

2) ………



16.4.8. Accreditation Status

[only use this part if there are/were changes affecting the accreditation status of the

PA. Please describe the changes]

83

17. SUBSTANTIVE TESTING OF OPERATIONAL AND NON-OPERATIONAL

TRANSACTIONS

17.1. Introduction

In this section we provide an assessment of the substantive testing results. We have attached a list

of all items selected for substantive testing, in the format proposed by the Annexes to Guideline

No 3 on the Reporting Requirements.

[Include the financial errors– from section 4.2 to 4.4 in the overall error evaluation

section 6.]

17.2. Test results in respect of the EAGF – error rate

17.2.1. Overview

Our sample selection of (xxx) items was based on …


17.2.2. Work Done

We reviewed in total (xxx) and an additional xx transactions in respect of EAFRD following the

requirements of Guideline 2 – Audit Strategy. [explain if the testing was done at Fund level or at

population level and whether dual-purpose testing was used].

The list of all cases appears in Annex 17:Sample reviewed in substantive testing – EAFRD.


[Provide an explanation of the nature of the financial errors found (random, known),

listed in Annex 17, and possible root causes. Where formal errors are found, a clear

conclusion has to be drawn that the formal errors indicated in the Annex 3 do not have a

financial impact, and that these are of an incidental nature. Indicate also the significance

of the findings (major/intermediate/minor) including a reference to the frequency with

which they occurred

As mentioned in part 8.1 of Guideline 2, a clearly trivial threshold of EUR 150 and 2

% of the audited amount is to be taken into account.]


Measure: XXXX

Beneficiary

reg. code:

XXXX

Specific

Legal basis:

XXXX

84


XXXXX

Impact:

XXX



17.3. Overall test result of EAFRD population

[Provide an assessment on the test result for the EAGF population.]

17.4. Test results of non-operational transactions.

For each of the audited populations, an assessment of the results of our testing is provided. The

error evaluation is included in section 24. The findings are further detailed below.

17.4.1. Test results of tables of Annex II - irregularities

17.4.1.1. Work Done


financial value. [Link it to Annex 17 – Evaluation of Errors – Debtors - EAFRD]


[Provide an explanation of the nature of the financial errors found, listed in the Annex 9,

and possible root causes. Where formal errors are found, a clear justification has to be

provided to explain why the formal errors found do not have a financial impact, and that

these are of an incidental nature. Indicate also the significance of the findings

(major/intermediate/minor) including a reference to the frequency with which they

occurred.]

85



17.4.2. Test results on Tables of Annex III

17.4.2.1. Work Done


financial value. [Link it to Annex 17– Evaluation of Errors – Debtors - EAFRD]


[Provide an explanation of the errors found, listed in Annex 10, and possible root causes.





17.4.3. Test results in respect of advances and securities

17.4.3.1. Work Done


financial value.


[Provide here explanations for each financial error and for each significant finding.

Where formal errors are found, a clear conclusion would have to be drawn that the

formal errors indicated in the Annex 11 do not have a financial impact. Indicate also the

significance of all findings (major/intermediate and minor) including a reference to the

frequency with which they occurred.]:



86

18. RECONCILIATION OF QUARTERLY AND ANNUAL DECLARATIONS

18.1. Reconciliation of quarterly and annual declarations of EAFRD expenditure

18.1.1. Standard

To verify whether the4 quarterly18

reports agree with the annual declaration for the 20XY

financial year.

18.1.2. Work done

We have verified the differences and explanations in the electronic "diff." table

(document/XXXX/XXXX, explanation-reconciliation codes "B") provided by the Paying

Agency.

In addition, we assessed the Administrative Errors declared in the Quarterly Declarations

and those declared separately in the Annual Declaration. We also verified that the

administrative errors are not included in the Annex II and Annex III tables, and we also

reviewed whether these have been credited to the Fund 19.

18.1.3. Findings

18.1.3.1. Reconciliation of differences

Programming period 2014-2020

Budget post Total of Quarterly

reports

Annual Account Difference

05046001XX XXX XX

05046001XX XXX XX

05046001XX XXX XX

05046001XX XXX XX

Etc.

---------------------- -------------------- -------------------

Total

============ ============ ===========

The explanations for the differences are as follows:

18 The 4 quarterly reports shall cover the whole period of the given financial year from 16 October of 20Y

to 15 October 20Y+1.

19 Introduced as a negative amount in the Quarterly or Annual Declarations.

87

18.1.3.2. Administrative Errors

We can confirm that the Administrative Errors have been refunded. The total amount included in

the declarations amounts to:


Administrative Errors (reported/deducted) Amount (EUR)

1. Annual Declaration20

2. Quarterly Declarations


After the closure of the programme (31/12/2015) the following administrative errors have been

revealed.

Administrative Errors (established) Amount (EUR)

01/01/2016-15/10/2016

18.1.4. Assessment


"diff." table (document/XXXX/XXXX, explanation-reconciliation codes "B") is complete and

accurate, and the explanations given are valid and justified.


18.2. Reconciliation of annual declaration and X-table data of EAFRD accounts

18.2.1. Standard

To verify whether the 4 quarterly22 reports agree with the X-table data for the 20XY

financial year.

20 Reported in 13th period (as a difference between Total of Quarterly Declarations and Annual Account).

21 If there are differences, their type and origin should be explained (e.g. differences between total of

Quarterly declarations and Annual Account or between total of the Quarterly declarations and X-table

data).

22 The 4 quarterly reports shall cover the whole period of the given financial year from 16 October of 20Y

to 15 October 20Y+1.

88

18.2.2. Work done

We have reviewed the completeness, accuracy and relevance of the electronic "diff." table

(document/XXXX/XXXX, explanation-reconciliation codes "C") provided by the Paying

Agency.

18.2.3. Findings

Reconciliation of differences for Programming period 2014-2020

1………

2………

………..

18.2.4. Assessment


"diff." table (document/XXXX/XXXX, explanation-reconciliation codes "C") is complete and

accurate, and the explanations given are relevant and justified.


18.3. Reconciliation of the information required by Annex II and Annex III of Commission

Implementing Regulation (EU) No 908/2014to the debtors' ledger - EAFRD

18.3.1. Standard

To reconcile the closing balances of the previous financial year to the opening balances

of the current financial year in respect of the debtors' ledger and the Annex II and

Annex III tables.

To reconcile the data reported in Annex II and Annex III of Commission Implementing

Regulation (EU) No 908/2014 to the debtors' ledger in respect of the current financial

year.

18.3.2. Work done

18.3.3. Findings

Reconciliation closing balance n-1 / opening balance n

Closing balance FY

n-1 (as at 15/10/n-1)

Opening balance FY

n (as at 16/10/n-1)

Difference

Annex II (1)

Annex III (2)

Debtors' ledger (3)

23 If there are differences, their type and origin should be explained (e.g. differences between Final

Monthly Indent and Annual Account or between Final Monthly Indent and X-table data).

89

We have reconciled the closing balances of the previous year's debtors' ledger, Annex II

and Annex III tables and the opening balances of the current year debtors' ledger, Annex II

and Annex III tables and we can confirm that there are no discrepancies

[In case discrepancies are identified, please provide the necessary justifications]

Justification of differences:…..

(1)…

(2)…

(3)…



Balance

16

October

New cases Recovered

amounts

Corrected

amounts

Total non-

cleared

amounts

declared

irrecoverable

Amounts to

be

recovered

by 15

October

Annex II

Annex III

Debtors' ledger

Differences



1.

2.

3.

4.

5.

The following discrepancies25 between the amounts used for this reconciliation in respect of

Annex II and Annex III (as shown in the above table) and the amounts indicated in the final

Annex II and Annex III tables provided by the Paying Agency, were noted:

24 See also Guideline No. 5 Guideline no 5 on the submission to the Commission of the Annexes II and II

of Commission Implementing Regulation (EU) No 908/2014.

90

………..

We furthermore confirm that the closing balances mentioned on the summary tables of,

respectively, Annex II and Annex III (amounts to be recovered as at 15 October n) tally with the

sum of:


Annex III)

+ New cases


– Recoveries


Based on the above reconciliation it is confirmed that the amount:……. EUR of recoveries

from debtors was effected by the Paying Agency with regard to 2007-2013 programming

period between 16/10/2015-15/10/2016, which is to be reimbursed to the Fund.



Balance

16

October

New cases Recovered

amounts

Corrected

amounts

Total non-

cleared

amounts

declared

irrecoverable

Amounts to

be

recovered

by 15

October

Annex II

Annex III

Debtors' ledger

Differences



1.

2.

3.

4.

5.

6.

25 The amounts used for the reconciliation regarding Annex II and Annex III should be equal to the

amounts indicated in the final tables provided by the Paying Agency; any differences should be sufficiently

explained.

26 See also Guideline No. 5 Guideline no 5 on the submission to the Commission of the Annexes II and II

of Commission Implementing Regulation (EU) No 908/2014.

91

The following discrepancies27 between the amounts used for this reconciliation in respect of

Annex II and Annex III (as shown in the above table) and the amounts indicated in the final

Annex II and Annex III tables provided by the Paying Agency, were noted:

………..

We furthermore confirm that the closing balances mentioned on the summary tables of,

respectively, Annex II and Annex III (amounts to be recovered as at 15 October n) tally with the

sum of:


Annex III)

+ New cases


– Recoveries


Confirmation of "50/50 tables".

As part of our tests on Annexes II and III, we reviewed the tables established by the PA setting

out the amounts to be borne by the Member States according to the 50%/50% rule as well as the

amounts to be borne in full by the EU budget due to irrecoverability. We confirm the figures

mentioned in the table below:

Paying Agency

50% to be charged to the MS

(article 54(2) of Regulation (EU)

No 1306/2013

100% to be borne by the EU budget

(article 54(3) of Regulation (EU) No

1306/2013

EAFRD

Programming

period 2007-2013

18.3.4. Assessment

We confirm that the "50/50" table is complete and accurate, and the explanations given

are relevant and justified.


18.4. Reconciliation of the recoveries as per the annual declaration of EAFRD to the

Annex II and Annex III

18.4.1. Standard

There must be a clear audit trail to support the reconciliation between the figures of the

reused amounts according to second paragraph Article 56 of Regulation (EU) No

1306/2013, shown in the annual declaration of EAFRD expenditure, and the Annex II and

Annex III information.



explained.

92

18.4.2. Work done

We have reviewed both the adequacy of the procedures in place and the outcome of the

reconciliations.

18.4.3. Findings

Reconciliation of recovered and reused amounts per annual declaration of EAFRD

expenditure and recoveries included in Annex II and Annex III

Recovered and reused amounts per annual

declaration of EAFRD expenditure

1.000.000,00

Recoveries in Annex II 1.100.000,00

Recoveries in Annex III 100.000,00

Difference 200.000,00

Explanations of differences:

1. ……..

2. ………

3. ………

Discrepancies28 between the amounts listed in the above table and the amounts indicated in the

final Annex II and Annex III tables provided by the Paying Agency, are explained as

follows:………..

18.4.4. Assessment

We reviewed the Paying Agency's reconciliation process and are satisfied that it was

performed properly.




explained.

93

18.5. Confirmation of advances

18.5.1. Objective

To review the confirmation of the stock of advances still to be cleared at the end of the financial

year as submitted by the Paying Agency within the annual accounts in accordance with Article 29

of Regulation (EU) 908/2014.

18.5.2. Work done

We have reviewed the tables prepared by the Paying Agency presenting the amounts of

advances payments still to be cleared at the end of the financial year (as of 15/10/N)

(Annex 5 b,b(1) ,c and c(1)).

18.5.3. Findings

[In case the paying agency is responsible for several RD programmes, such a

confirmation is expected for each Rural Development programme (with indication of the

CCI number).]

18.5.4. Assessment

We confirm that the amounts mentioned in the Annex 5 b,b(1) ,c and c(1) are complete

and accurate and correspond to the cumulative net and not yet cleared outstanding

advances (as defined in paragraph 5.3.1 of Guideline no 1), paid to beneficiaries under

EAFRD.

[In case of discrepancies between the amounts reported by the PA and the CB's findings,

please indicate the percentage of deviation between what was reported and what should

have been reported and provide the necessary justifications for the difference.].


18.6. Confirmation of advances related to financial instruments

18.6.1. Objective

To review the stock of EAFRD amounts contributed to financial instruments as referred to in

Article 41 of Regulation (EU) No 1303/2013 and the total cumulative amount of programme

contributions effectively paid in the meaning of Art. 42(1)(a), (b) and (d) Reg. 1303/2013 for

programming period 2014-2020, at the end of the financial year as reported by the Paying

Agency within the annual accounts in accordance with Article 29 of Regulation (EU) 908/2014.

18.6.2. Work done

We have reviewed the table (Annex 6 ) established by the Paying Agency, presenting the total

cumulative amount of programme contributions made to financial instruments and the total

cumulative amount of programme contributions effectively paid in the meaning of Art. 42(1)(a),

(b) and (d) Reg. 1303/2013, as at 15 October N.

18.6.3. Findings

No differences have been revealed.

94

18.6.4. Assessment

We confirm that the amounts mentioned in Annex 6 are complete and accurate.

[In case of discrepancies between the amounts reported by the PA and the CB's findings, please

indicate the percentage of deviation between what was reported and what should have been

reported and provide the necessary justifications for the difference].


19. OVERALL ERROR EVALUATION

[The total financial impact arising from errors found relating to objective 1-"accounts"

is to be compared to the materiality established at Fund level for drawing the overall

conclusion on the annual accounts in the Audit Opinion. CBs are requested to use the

excel table provide below.]

19.1. Detailed Error Evaluation

19.1.1. Error evaluation for the operational expenditure

[in case the CB carried out its testing for objective 1 at population level, please provide the

details per population in the table below. Note that the conclusion on objective 1 should be at

Fund level, so please provide an overall conclusion also at Fund level]

Our error evaluation of the statistical sample populations is outlined below:

95

Basic data EAFRD


Materiality 0

Estimated error

Sampling interval

Confidence level

Inherent risk

Sample size in terms of hits



According to Annex 3



Most likely error (MLE)


Precision

Total Upper Error Limit (including precision) 0

Known errors: according to Annex 3



Total Error 0

Conclusion:

Most likely error (MLE) 0

Total error 0

Materiality 0

A detailed table of all items tested and the detected errors including their financial values is

attached (see Annex 13 Sample reviewed in substantive testing – EAFRD) to this report. We also

attach (in Annex 16: Reconciliation of gross amount of tested expenditure to the Annual

Declaration) a summary of the budget lines, reconciled to the gross amount of expenditure

declared and tested, [apportioned for both the IACS and Non-IACS populations if applicable].

[In case of errors] Overall conclusion – It is our opinion that the detected formal errors have no

financial consequences, and that these are not of a recurrent nature. The substantive errors are

mainly the result of [please elaborate.]. These errors are explained in more detail in chapter 17.

19.1.2. Error evaluation for non-operational expenditure: debts, advances and

securities

As regards debts our detailed error evaluation is provided in Annex 17. Based on this evaluation

the error rate established at the level of Annex II Table is …………..%.

As regards other cases our detailed evaluation is provided in Annex 17. Based on this evaluation

the deviation rate established at the level of Annex III Table is …………..%.

96

A detailed table of all cases checked and the detected errors including their financial value is

attached (see Annex 19: Sample reviewed in substantive testing – EAFRD Annex II Tables and

Annex 20: Sample reviewed in substantive testing – EAFRD Annex III Tables) to this report.

As regards advances and securities our error evaluation is outlined below:

Basic data Advances and securities

Value of the population 2.000.000,00


Number of transactions in the population 200

Sample size 20

Total value of sampled items tested 3.000,00

Financial errors found from sampling : No errors found

Extrapolated total error 0,00

Conclusion

Total error 0,00


A detailed table of all cases tested and the detected errors including their financial value is

attached (see Annex 21: Sample reviewed in substantive testing – EAFRD Advances and

Securities) to this report.

[In case of errors] Overall conclusion – In our opinion the detected formal errors have no

financial consequences. These errors are explained in more detail in chapter 20.



Our work resulted in a number of findings which led to various recommendations. For each

finding, a level of importance was attributed in accordance with the following grading:





No 1 on accreditation).








97


Annual account issues:



















request.

20.2. Major Findings

[When applicable:] We identified a number of issues giving rise to major recommendations

which are summarised in the table(s) below.



circumstances and need to be duly justified and explained.]

The following major findings were established in respect of accreditation/internal control system

issues:


Agency

CB assessment

of PA response

The following major findings were established in respect of accounting issues:


Agency

CB assessment

of PA response

20.3. Intermediate Findings



98

The following intermediate findings were established in respect of accreditation/internal control

system issues:


Agency

CB assessment

of PA response

The following intermediate findings were established in respect of accounting issues:


Agency

CB assessment

of PA response

EAFRD – PART B – AUDIT OBJECTIVE 2- Legality and regularity of expenditure

21. REVIEW OF THE INTERNAL CONTROL SYSTEM


assessment of the internal control system and for our assessment in respect of the Paying

Agency's compliance with the accreditation criteria per internal control procedure / component as

indicated in Matrices [I and II]. We have assessed the compliance with the accreditation criteria

by using the grading "1" to "4". Our overall assessment is outlined below:


c o

nc

lu

Adminis

trat ive

contro ls

# # 1 5% 1 5% 1 50% 1 5% 1 # # 1 # # 1 5% 1 50 % 0 0

On-the-

spo t

contro ls

# # 1 5% 1 5% 1 50% 1 5% 1 # # 1 # # 1 5% 1 50 % 0 0

Internal

A ud it

Weighting /

Sco ring

M A TR IX - A s s e s s me nt o f t he IC S f o r p o p ula t io n/ s t ra t a ( EA F R D IA C S )

A s s e s s me nt

c o mp o ne nt

P ro c e d ure


ac t iv it ie s

Inf o rmat io n and


Eva luat io n

a t

a s s e s s me nt

c rit e ria

Ge ne r

a l

c o nc l

us io nO rg anis a

t io na l

Human

re s o urc e

Validati

on and

auto risa

t ion

D e le g a t e

d t a s ks

Communica

tion I.S . Sec.

Ongo ing

monitoring

99


c o

nc

lu

Adminis

trat ive

contro ls

# # 1 5% 1 5% 1 50% 1 5% 1 # # 1 # # 1 5% 1 50 % 0 0

On-the-

spo t

contro ls

# # 1 5% 1 5% 1 50% 1 5% 1 # # 1 # # 1 5% 1 50 % 0 0

Validati

on and

auto risa

t ion

D e le g a t e

d t a s ks

Communica

tion I.S . Sec.

Ongo ing

monitoring

Internal

A ud it

Weighting /

Sco ring

M A TR IX - A s s e s s me nt o f t he IC S f o r p o p ula t io n/ s t ra t a ( EA F R D N o n IA C S )

A s s e s s me nt

c o mp o ne nt

P ro c e d ure


ac t iv it ie s

Inf o rmat io n and


Eva luat io n

a t

a s s e s s me nt

c rit e ria

Ge ne r

a l

c o nc l

us io nO rg anis a

t io na l

Human

re s o urc e

21.1. Understanding the entity / processes

[in line with Guideline 2 part 10 referring to part 4.2, insert the main conclusions

regarding processes checked, the control environment, particular risks and any

development having occurred during the FY]

[any work and assessment pursued according to part 11.2.1 review of IT general

controls and 11.2.2 Review of IT application controls of the Guideline 2 should be

inserted in this part]

[If use, please refer to the "methodology document for the Certification bodies in

respect of the audit work related to IACS cross-checks and data integrity to be

performed in the context of the annual certification audit EAGF/EAFRD

expenditure" work in this part]

[please explain how the testing was conducted in line with section 11.3 of

Guideline 2 and how the samples were established].

21.2. EAFRD IACS - Compliance testing / Test of controls - Control Activities

We confirmed our assessment of the key and ancillary controls against the control activities by

carrying out the following compliance tests/tests of controls against the key and ancillary controls

as suggested in Guideline N° 2: [please indicate the number of transactions tested]


Chapter X.X.X

Chapter X.X.X

[The minimum sample size should be established in line with Section 5.3 of Guideline No

2.]

21.2.1. Control activities: Authorisation of payments – Key controls

21.2.1.1. Findings


recommendations. Provide also a brief summary of the nature of deficiencies attributed



detected]

1) ……….

100

2) ………



21.2.2. Control activities: Authorisation of payments – Ancillary controls

21.2.2.1. Findings





detected]

1) ……….

2) ………



21.3. EAFRD Non-IACS - Compliance testing / Test of controls - Control Activities

21.3.1. Control activities: Authorisation of payments – Key Controls

21.3.1.1. Findings





detected]

1) ……….

2) ………



21.3.2. Control activities: Authorisation of payments – Ancillary Controls

21.3.2.1. Findings





detected]

1) ……….

2) ………


[provide an assessment which will be reflected in the accreditation matrix grades]

101

22. SUBSTANTIVE TESTING

22.1. Test results in respect of the EAFRD IACS population

22.1.1. Overview



[the CB should detail its sampling methodology and explain in summary how the PA

drew its sample (population, method, , whole farm approach or not, etc), and how the CB

proceeded, for example taking into account considerations on cascade sampling. The CB

should state whether the representativeness of the PA's random OTSC sample was tested

and confirmed. In addition,the CB should explain what approach was used for the

selection of the sub-sample- parcels, animals, etc.in line with Annex 2 of Guideline 2 on

the two-stage sampling.]

22.1.2. Work done

We reviewed in total (xxx) and an additional xx transactions in respect of EAFRD IACS,

following the requirements of the standard as stated above. The list of all cases appears in the

Annex 14: Incompliance Rate – EAFRD IACS with the detected errors, including their financial

value.


[Provide an overview of the net deviations (cf. section 3.1.1.c. of Annex 5 of Guideline 2)

listed in Annex 14, and an analysis of the underlying causes. Where formal errors are

found, a clear conclusion has to be drawn that the formal errors indicated in the Annex

14 do not have a financial impact, and that these are not of a recurrent nature. Indicate

also the significance of the findings (major/intermediate/minor) including a reference to

the frequency with which they occurred.]


Measure(s)

tested:

XXXX

Beneficiary

reg. code:

XXXX

Specific

Legal basis:

XXXX

102

Description of the finding(s) per scheme/measure:

XXXXX

Impact:

XXX



22.2. Test results in respect of the EAFRD Non-IACS population

(see the text above)

22.2.1. Overview



[The CB should detail how the samples were selected and whether all payments were

tested, mentioning the number of OTSC re-verifications conducted for EAFRD Non-

IACS. In addition ,the CB should explain what approach was used for the selection of the

sub-sample- invoices, etc.in line with annex 2 of Guideline 2 on the two-stage sampling]

22.2.2. Work done

We reviewed in total (xxx) and an additional xx transactions in respect of EAFRD Non-IACS.

The list of all cases appears in the Annex 15: Incompliance Rate – EAFRD Non-IACS.with the

detected errors, including their financial value.


[Provide an overview of the deviations (cf. section 3.1.1.c. of Annex 5 of Guideline 2)

listed in the Annex 15, and an analysis of the underlying causes. Where formal errors are

found, a clear justification has to be provided evidencing that the formal errors indicated

in the Annex 15 do not have a financial impact, and that these are not of a recurrent

103

nature. Indicate also the significance of the findings (major/intermediate/minor)

including a reference to the frequency with which they occurred.]


Measure: XXXX

Beneficiary

reg. code:

XXXX

Specific

Legal basis:

XXXX


XXXXX

Impact:

XXX


[Only major and intermediate recommendations should be listed]

23. RECONCILIATION

23.1. Review of RD control statistics to be provided on 15 July "N" as referred to in

Article 9(1) of Regulation (EU) No 809/2014

23.1.1. Objective

To verify the reconciliation of the PA for the control statistics reported under Article 9(1) of


104


[To confirm when (date + document number if applicable) the statistics30 were submitted to the

Commission.

The PA should reconcile the information provided under Article 9(1) electronically via

"STATEL/eDamis" and the information to be provided in respect of ex-post checks as referred to

in Article 52 of Regulation (EU) No 809/2014, to the underlying information in its information

system/s. The CB is to check that such a reconciliation has been made and is to confirm that

there are no discrepancies, and whether the data are automatically retrievable from the IT

system/s of the PA or not.

The information regarding documentary evidence of this shall be available in the PA to ensure at

all times a sufficiently detailed audit trail. The CB should follow-up whether such an audit trail

exists and is adequate


requirements set out in the EU provisions, as further explained in the Commission Guidelines

and explanatory notes such as "Guidelines for the submission of control data and control

statistics in relation to direct payments schemes and rural development measures" and the

"Guidance note regarding the EAFRD ex-post checks" up-dated by DG AGRI-Unit H4 on an

annual basis31].

23.1.3. Findings


statistics.]

23.1.4. Conclusion

[To conclude whether the control statistics are correctly compiled and reconciled and a sufficient

audit trail exists. This conclusion can be drawn based on the review of the procedures of the PA

for establishing the control statistics/questionnaires. If an adverse conclusion is given explain the

underlying reasons, such as (e.g.):

the information in the is inaccurate, field inspection reports are not recorded on a timely

basis,

etc.]


23.2. Action Plans / DG AGRI's recommendations

23.2.1. Objective

[The CB is expected to verify if action plans referred to in the annual activity report linked

to DG AGRI's statement of assurance as well as to DG AGRI's conformity audits have

30 In case multiple versions were submitted, quote both the date (and if applicable the document number) of

the first version submitted as well as the date (document number) of the version on which the Certification

Body has carried out its verification work as described under this chapter.

31 Ares(2015)5691908

105

been established by the PA and to report on the progress against the outstanding actions

and the remedial actions actually implemented by the PA during the financial year

audited].

23.2.2. Work Done

We reviewed the action plan established by the Paying Agency on … [date] to address the

serious weaknesses in … [control/measure/issue]. Our review included:

… [tests performed / checks made]

…

23.2.3. Findings and Assessment

In our opinion, the action plan … [addresses / does not address] the weaknesses. [Describe

outstanding issues] Clear milestones have been set and resource requirements for the

delivery of the plan have been identified and made available [explain if not].

The implementation of the action plan is [on track/should be improved/…The progress made

in respect of the action plan should be clearly explained.]



23.3. Review of the Management declaration data

[The CB should use the results of its analytical procedures on the control data and

statistics in order to check how the error rates in the Management declaration (MD)

were compiled. As the error rates in the MD are aggregated, the CB should check

the aggregated results in the MD on the basis of the control data and the controls

statistics per scheme/measure]

23.3.1. Objective

To reconcile the information provided in the Management declaration to the underlying control

data.


[see part 13.2 of Guideline 2]

23.3.3. Findings

[The CB should report on the findings with reference to the particular element of the MD :

Management declaration, error rates reported, follow up and state of play of conformity findings

described in Annexes III and IV to the MD.]

106

23.3.4. Conclusion


24. OVERALL INCOMPLIANCE RATE EVALUATION

24.1. EAFRD IACS - Evaluation of the total projected incompliance rate


is outlined below:

Basic data EAFRD IACS

EAFRD other

stata (if

applicable)

Amount of expenditure determined following random

on-the-spot checks (a)


Estimated error

Sampling interval [if applicable ]

Confidence level [if applicable]








Calculation of total error for the incomplaince rate:

Precision





Total Error for the incompliance rate 0 0

IRR = Total error / amount of expenditure (a)

Amount of expenditure (b)

Amount at risk =(a)x(b)

Materiality at expenditure level =2% x b

Conclusion:

Projected Incompliance Rate (PIR) 0 0


Consolidated IRR

Materiality 0 0

[In case the CB used Simple random sampling, lines with the number of transactions,

standard deviation of the pilot sample, as well as standard deviation of the total sample

need to be included]

107


value is attached (see Annex 14): Incompliance Rate – EAFRD IACS) to this report.



below/above [please choose the appropriate] 2 % for the EAFRD IACS population.

24.2. EAFRD IACS - Confirmation of the control data/statistics and the Management

declaration




population)

……..












explanations for which schemes the control statistics cannot be confirmed.]

24.3. EAFRD Non-IACS - Evaluation of the total projected incompliance rate

[Incompliance rate can be established per control statistics or as the CB establishes the

strata / populations based on its professional judgement.]Our evaluation of the

incompliance rate for the same statistical sample strata/populations is outlined below:

108

Basic dataEAFRD Non-

IACS

[if applicable]

EAFRD strata



Estimated error

Sampling interval

Confidence level







0 0



Precision


0 0



Known errors: from other sources 0 0

0 0

Total Error

0 0

Conclusion:



Consolidated IRR

Materiality


value is attached (see Annex 15): Incompliance Rate – EAFRD Non-IACS) to this report.



below/above [please choose the appropriate] 2 % for the EAFRD Non-IACS

population.

24.4. EAFRD Non-IACS - Confirmation of the control data/statistics and the

Management declaration




population)

……..


Confirmation of the control data/statistics {please add your assessment] The


109

and the Management declaration control data/statistics as well as the






explanations for which schemes the control statistics cannot be confirmed]

24.5. Certifying error rate for reduction of control rate

[Please delete the text below and indicate “Not applicable” if the PA does not intend to

reduce the control rate]

In accordance with Article 41 of Regulation (EU) No. 908/2014 for the purpose of

reduction of the control rate the error rate for the concerned population needs to be

certified. For claim year 20XX, for the measure..… (for example Agri-environment-

climate) we have tested … files of the random OTSC sample of the PA and calculated

the respective error rate (Annex 14 a). We have not found error/we have found one or

more errors (amounting to………).


110



Our work resulted in a number of findings which led to various recommendations. We

have categorised these findings and recommendations into two groups [accreditation

findings and legality and regularity findings). For each finding, a level of importance

was attributed in accordance with the following grading.





No 1 of accreditation).
















The categories we used to classify our findings in respect of the legality and regularity

of expenditure are as follows:

- Major Findings Matters relating to weaknesses in the key controls - which

require immediate attention at a senior level within the Paying

Agency. (See lists of Key and Ancillary controls as made

available on CIRCABC.33).

- Intermediate Findings Matters relating to weaknesses in the ancillary controls -

which require prompt attention at an appropriate level within

the Paying Agency.

- Minor findings Matters relating to other weaknesses which require attention at

an appropriate level.


33 Library > Audit of agricultural expenditure > New guidelines on the calculation on the financial corrections

C(2015)3675 > Final list of Key and Ancillary controls

https://circabc.europa.eu/faces/jsp/extension/wai/navigation/container.jsp?FormPrincipal:_idcl=navigationLibrary&FormPrincipal_SUBMIT=1&org.apache.myfaces.trinidad.faces.STATE=DUMMY&id=a392af30-1e6d-4e08-ac96-ab18399f2eaf&javax.faces.ViewState=rO0ABXVyABNbTGphdmEubGFuZy5PYmplY3Q7kM5YnxBzKWwCAAB4cAAAAAN0AAIxNHB0ACsvanNwL2V4dGVuc2lvbi93YWkvbmF2aWdhdGlvbi9jb250YWluZXIuanNw

https://circabc.europa.eu/faces/jsp/extension/wai/navigation/container.jsp?FormPrincipal:_idcl=navigationLibrary&FormPrincipal_SUBMIT=1&org.apache.myfaces.trinidad.faces.STATE=DUMMY&id=e4e041ab-f8a1-48c7-bad2-2cae7de16e73&javax.faces.ViewState=rO0ABXVyABNbTGphdmEubGFuZy5PYmplY3Q7kM5YnxBzKWwCAAB4cAAAAAN0AAIxNHB0ACsvanNwL2V4dGVuc2lvbi93YWkvbmF2aWdhdGlvbi9jb250YWluZXIuanNw



https://circabc.europa.eu/faces/jsp/extension/wai/navigation/container.jsp?FormPrincipal:_idcl=navigationLibrary&FormPrincipal_SUBMIT=1&org.apache.myfaces.trinidad.faces.STATE=DUMMY&id=7db4c53d-bc29-4084-9d9a-e8897a4bfabe&javax.faces.ViewState=rO0ABXVyABNbTGphdmEubGFuZy5PYmplY3Q7kM5YnxBzKWwCAAB4cAAAAAN0AAIxNHB0ACsvanNwL2V4dGVuc2lvbi93YWkvbmF2aWdhdGlvbi9jb250YWluZXIuanNw

111




request.

25.2. Major Findings (by population – IACS and non-IACS)

[When applicable:] We identified a number of issues giving rise to major




circumstances and need to be duly justified and explained. A major legality and

regularity finding should be translated into a grade 1 or 2 depending on the overall

impact on the compliance with the accreditation criteria by the Paying Agency]

The following major findings were established in respect of accreditation issues/internal

control system:


Agency

CB assessment

of PA response

The following major findings were established in respect of legality and regularity

issues:


Agency

CB assessment

of PA response

25.3. Intermediate Findings (by population – IACS and non-IACS)



The following intermediate findings were established in respect of accreditation/internal

control system issues:


Agency

CB assessment

of PA response

The following intermediate findings were established in respect of legality and

regularity issues:


Agency

CB assessment

of PA response

26. FOLLOW-UP OF PREVIOUS YEARS' RECOMMENDATIONS

The following tables include previous years' major and intermediate recommendations,

the progress made against the outstanding recommendations, comments by the Paying

Agency and the assessment of the response by the Certification Body. The follow-up of

the financial errors is indicated in a separate table below.

112

[The CB is expected also to report on the implementation status of the recommendations

arising from DG AGRI's conformity audits. The information provided should be limited to

major findings and deficiencies which the PA should have normally included in Annex III of

the Management Declaration]

Major recommendations



Agency

Position of the

Certification

Body




made]

[implemente

d/partly/not

implemented

]


/actions taken

are appropriate]



Agency

Position of the

Certification

Body




made]

[implemente

d/partly/not

implemented

]


/actions taken

are appropriate]

Intermediate recommendations



Agency

Position of the

Certification

Body




made]

[implemente

d/partly/not

implemented

]


/actions taken

are appropriate]



Agency

Position of the

Certification

Body




made]

[implemente

d/partly/not

implemented

]


/actions taken

are appropriate]

113

Financial errors


Agency

Position of the

Certification

Body




made]

[implemente

d/partly/not

implemented

]


/actions taken

are appropriate]

26.1.1. Conclusion

[To conclude whether the PA followed-up properly all the potential irregularities

communicated by the Special Department during the financial year related to the most recent

scrutiny years (n-2/n-1 and n-1/n), and whether proper justifications were provided for those

cases where the PA decided not to pursue recovery.]


115

SECTION C –AUDIT OPINION

116

TEMPLATE FOR THE CERTIFICATION BODY'S OPINION

OPINION OF THE CERTIFICATION BODY ON THE (NAME OF THE PAYING

AGENCY)

We have audited the annual accounts of the [name and address of Paying Agency] related to EAGF

(final total net expenditure: EUR xxx) and/or EAFRD (final total net expenditure: EUR xxx)

expenditure for the 20xx EAGF/EAFRD financial year and assessed the internal control procedures

operated by the Agency. As required by article 9(1) or Regulation (EU) No 1306/2013 of the

European Parliament and of the Council, we have also considered whether our examination puts in

doubt the assertions made in the Management Declaration of the Director of [Paying Agency] for

the financial year 16/10/xxxx to 15/10/xxxx+1.

Management's responsibility for the annual accounts, including the legality and regularity of

expenditure and the Director's responsibility for the Management Declaration

Management is responsible for the preparation and fair presentation of the annual accounts in

accordance with Articles 29, 30 and 31 of Commission Implementing Regulation (EU) No

908/2014. This responsibility includes designing, implementing and maintaining internal control

relevant to the preparation and fair presentation of annual accounts that are free from material

misstatement, whether due to fraud or error.

The Director of the Paying Agency is responsible for the preparation and fair presentation of this

Management Declaration in accordance with Article 3 of Commission Implementing Regulation

(EU) No 908/2014. This responsibility includes an assessment as to the truth, completeness and

accuracy of the annual accounts submitted to the Commission, and an assessment as to whether

the control system established by the Paying Agency management provides reasonable assurance

as to the legality and regularity of underlying transactions. The Director of the Paying Agency

should base his/her assessment upon all information at his/her disposal, including the work of the

internal audit service.

Responsibility of the Certification Body

Our responsibility, acting as Certification Body, is to express an opinion on the annual accounts.

We conducted our audit in accordance with Article 6 of Commission Implementing Regulation

(EU) No 908/2014 and ………….. [State which Auditing Standards have been applied]. These

standards require that we comply with ethical requirements and plan and perform the audit to

obtain reasonable assurance whether the annual accounts transmitted to the Commission are free

from material misstatement.

The audit included an examination, on a test basis, of evidence supporting the information in the

annual accounts, and an examination of procedures and of a sample of transactions to obtain audit

evidence about the amounts and disclosures in the annual accounts. Our responsibility under Article

5(3) of Commission Implementing Regulation (EU) No 908/2014 extends to providing an opinion

on the internal controls; our conclusion is based on the results of our assessment of the Paying

Agency's compliance with the accreditation criteria as set out in Annex I of Commission Delegated

Regulation (EU) No 907/2014. It is not our responsibility to conclude on whether all possible

controls are present in the system.

In addition, our responsibility is to express an opinion on whether our examination puts in doubt the

assertions made in the management declaration and whether the Management Declaration complies

with Article 3 of Commission Implementing Regulation (EU) No 908/2014 and Guideline 4 on the

Management Declaration .

We read all the financial and non-financial information included in the Management Declaration

and its annexes to identify whether the Management Declaration is consistent with the results of

our examination. This includes our evaluation of whether those results suggest a need for

reservations to be made. If we become aware of any apparent material misstatements or

inconsistencies we consider the implications for our report.

117

[If applicable] In accordance with Article 41 of Commission Implementing Regulation (EU) No

908/2014 the error rates of the concerned population need to be certified for the purpose of

reduction of control rates in subsequent claim years.

We believe that our work provides a reasonable basis for our audit opinions.

Opinion– [Unqualified (both Funds)on all three aspects below]

In our opinion:

The accounts to be transmitted to the Commission for the 20xx EAGF and EAFRD financial

year ended DD/MM/YYYY are true, complete and accurate in all material respects as regards

the total net expenditure charged to the EAGF and EAFRD; and

Based on our work to review the Paying Agency's compliance with the accreditation criteria,

the internal control procedures of the Paying Agency have operated satisfactorily as regards

both the EAGF and EAFRD.

The expenditure for which reimbursement has been requested from the Commission for both

EAGF and EAFRD is legal and regular in all material respects.

Opinion on the Management Declaration- [Unqualified]

Based on our examination, nothing has come to our attention that:

puts into doubt the assertions made in the Management Declaration for the financial year

16/10/xx to 15 /10/xx+1 ;

causes us to believe that the Management Declaration does not comply with the legal

framework. .

[when applicable: additional text on reservations, non-compliance, etc.]

[If applicable] Error rates to be certified for the purpose of control rate reduction

In accordance with Article 41 of Commission Implementing Regulation (EU) No 908/2014 we

confirm that the error rate for BPS/SAPS and/or measures…….. for the claim year 20XX as

reported in the control statistics of the Paying Agency is below the materiality threshold of 2,0

%.Our audit work was finalised on DD/MM/YYYY. The conclusions relate to the situation as of

that date. A report on our findings is delivered at the same date as the date of this opinion.

[Date of issue of the opinion]

[Auditor's signature, name and position]

[Name and address of the Certification Body]

118

GUIDANCE FOR PREPARING THE OPINION

THE PART OF THE OPINION, WHICH CONCERNS THE ANNUAL ACCOUNTS,

INCLUDING THE LAGALITY AND REGUALITY OF EXPENDITURE

1. The opinion should specify the CB, the Paying Agency, the EAGF/EAFRD financial year,

the closing date for the audit examination, the date of issue and the name and position of

the signatory of the audit opinion. It should also confirm that the audit examination was

undertaken in accordance with the provisions of Article 5.2 of Commission Implementing

Regulation (EU) No 908/2014 and Guideline 4 as regards the nature and quantity of work

required to obtain reasonable assurance.

2. The CB shall draw up one opinion stating whether it has gained reasonable assurance that

the accounts to be transmitted to the Commission are true, complete and accurate, that the

internal control procedures have operated satisfactorily, and that the expenditure for which

reimbursement has been requested from the Commission for both EAGF and EAFRD is

legal and regular.

1. The opinion on the annual accounts and on the legality and regularity of underlying

transactions shall be based on an examination of procedures and a sample of transactions.

2. Any material misstatements should be specified in the opinion and cross-referenced to an

explanatory text in the audit report.

3. The type of opinion ("unqualified" or "modified".) has to be clearly indicated in

accordance with the categories indicated in the matrix and the examples of audit opinions

presented in the below.

4. If the opinions for both Funds are unqualified, they can be combined, as in example A,

and the opinion on the annual accounts as a whole will be unqualified.

5. If there is a qualified opinion for at least one Fund, separate opinions (and the facts giving

rise to those opinions) must be given for each Fund.

6. The CB should definitely issue a qualified opinion for a Fund if the most likely

error/projected error found (or the sum most likely errors/the sum of the projected errors)

exceeds materiality (2% of the expenditure for the concerned Fund). In case the upper

error limit/ upper projected incompliance rate exceed 2%, the CB should conduct more

testing or make a judgement whether the sampling risk qualified by the precision is

acceptable34.

7. Material errors found at population level should always be considered in a wider context.

If there are errors that are material only at population level, i.e. they are not material at

Fund level, then the CB should ordinarily issue an "Emphasis of Matter" paragraph within

its unqualified opinion(see example "A2").

8. The example presented in the introduction to this section of the Guideline reflects an

"unqualified" audit opinion for both funds. The examples that follow reflect potential

formulations of the opinion section, and, depending of the particular circumstances, to the

section dealing with the "Responsibility of the Certification Body".

34 In case the testing was done at population level, the CB may need to calculate a precision at Fund level

in order to conclude at Fund level.

119

There are two possibilities for unqualified opinions, as follows:

* Unqualified opinion (section 15.1.1.1)

An unqualified opinion should be expressed when the auditor concludes that the financial

statements give a true and fair view or are presented fairly, in all material respects, in accordance

with the applicable financial reporting framework.

* Unqualified opinion with emphasis of matter paragraph (section 15.1.1.2)

If the auditor considers it necessary to draw users’ attention to a matter presented or disclosed in

the financial statements that, in the auditor’s judgment, is of such importance that it is

fundamental to users’ understanding of the financial statements, the auditor shall include an

Emphasis of Matter paragraph in its report provided the auditor has obtained sufficient

appropriate audit evidence that the matter is not materially misstated in the financial statements.

Such a paragraph shall refer only to information presented or disclosed in the financial

statements. The auditor shall indicate that the auditor’s opinion is not modified in respect of the

matter emphasized.

When the Certification Body cannot express an unqualified opinion, the opinion matrix below

illustrates how the Certification Body's judgement on the matter giving rise to the modification

and the pervasiveness of its effects or possible effects on the accounts affect the opinion to be

expressed:

Opinion matrix:

Nature of Matter Giving Rise to

the Modification/ Auditor’s

Judgment about the

Pervasiveness of the Effects or

Possible Effects on the

Financial Statements

Material but not

pervasive Material and pervasive

Financial statements are

materially misstated Qualified (15.1.1.3) Adverse (15.1.1.6)

Inability to obtain sufficient

appropriate audit evidence Qualified (15.1.1.4) Disclaimer (15.1.1.5)

Note: the definitions below are as described in the relevant International Standards on Auditing35 :

** Qualified opinions (sections 15.1.1.3 to 15.1.1.6)

The objective of the auditor is to express clearly an appropriately modified opinion on the

financial statement that is necessary when:

(1) The auditor is unable to obtain sufficient appropriate audit evidence to conclude that the

financial statements as a whole are free from material misstatements; or

(2) The auditor concludes based on the audit evidence obtained, that the financial statements as a

whole are not free from material misstatements.

35 The unqualified opinion is as per ISA 700, paragraph 24. Modifications to the audit opinion are based

on ISA 705 and emphasis of matter paragraphs and other Matter(s) Paragraphs on ISA 706 (revised):).

However, the requirements of ISA 800 ("Special Considerations- audit of financial statements prepared in

accordance with special purpose frameworks") and International Standard on Assurance Engagements

(ISAE) 3000 (revised) ("Assurance Engagements Other Than Audits Or Reviews Of Historical Financial

Information") should also be taken into consideration when drafting the opinion.

120

The circumstances described in (1) could lead to a qualified opinion (Section 15.1.1.3) or a

disclaimer of opinion (Section 15.1.1.5). The circumstances described in (2) could lead to a

qualified opinion (Section 15.1.1.4) or an adverse opinion (Section 15.1.1.6).

A qualified opinion (15.1.1.3 or 15.1.1.4) should be expressed when the auditor, having obtained

sufficient appropriate audit evidence, concludes that misstatements, individually or in the

aggregate, are material, but not pervasive to the financial statements, or when the auditor is

unable to obtain sufficient appropriate audit evidence on which to base the opinion, but he

concludes that the possible effects of undetermined misstatements, could be material but not

pervasive. A qualified opinion should be expressed as being "except for" the effects of the matter

to which the qualification relates.

A disclaimer of opinion (15.1.1.5) should be expressed when the auditor is unable to obtain

sufficient appropriate audit evidence on which to base the opinion, and the auditor concludes that

the possible effects on the financial statements of undetected misstatements, could be both

material and pervasive.

An adverse opinion (15.1.1.6) should be expressed when the auditor, having obtained sufficient

appropriate audit evidence, concludes that misstatements, individually or in the aggregate, are

both material and pervasive to the financial statements.

Whenever the auditor expresses an opinion that is other than unqualified, a clear description of all

the substantive reasons should be included in the report and, unless impracticable, a

quantification of the possible effect(s) on the financial statements. Ordinarily, this information

would be set out in a separate paragraph preceding the opinion or disclaimer of opinion on the

financial statements and may include a reference to a more extensive discussion, in a note to the

financial statements.

THE PART OF THE OPINION THAT CONCERNS THE MANAGEMENT

DECLARATION

Legislative environment

CBs are required to issue an opinion on the Management Declaration (MD) signed by the PA

Director (PAD), as per Article 9(1) of Regulation (EU) No 1306/2013 of the European

Parliament and of the Council.

1. THE CERTIFICATION BODY'S ASSESSMENT OF THE MANAGEMENT DECLARATION

In assessing the MD, the CB should first establish whether it has been drawn up and signed in

accordance with the requirements of Annex I and Article 3 of Commission Implementing

Regulation (EU) No 908/2014, and Section 3 of Guideline no. 4. In particular, it should consider

the appropriateness and adequacy of the supporting information used for the preparation of the

MD.

"Within the overall system for the management and control of agricultural expenditure and the

assurance which can be derived from that system as regards the legality and regularity of the

underlying transactions, it is essential that the director discloses the basis on which the MD has

been established. Therefore each MD should be accompanied by a list set out in Annex 1

informing concisely about the documents and work performed which formed the basis of the MD.

This list should be limited to a brief description of the subject matter of the respective document.

In contrast, it should not include a summary of the content of the document nor should the

document as such be attached to the Management Declaration. Similar information should be

given on the work performed by the director of the PA before signing his statement.

121

Moreover, the director of the PA is asked to complete the table set out in Annex 2 by providing an

analysis of the control statistics (including any controls at second level36). Only in a limited

number of cases further explanations are expected, these cases are also defined in Annex 2 of this

Guideline. The director is also asked to complete Annex 3 and 4 of the Management

Declaration."

The CB should assess whether the supporting information used in the establishment of the MD

support the information in and conclusions of the MD, and that it is consistent with the evidence

it has obtained based on its audit work.

In addition, in order to formulate its opinion on the Management Declaration, the CB

independently carries out its evaluation of the maximum level of risk, as well as confirm or not

the control statistics/data (see chapters 11.1, 11.2.11.3, 11.4, 24.1, 24.2, 24.3 and 24.4 ).

The CB should then consider the following questions:

If reservations have been made by management:

Do they represent a material issue?

Has their nature been clearly described and any financial effects (real or potential)

quantified?

For each reservation, is a remedial action plan defined, with a clear timetable for

resolution?

Is each reservation consistent with the results of the CB's own work (and its reported

audit findings) in respect of the particular audit population tested? Here the evaluation of

the residual risk: evaluation of the internal control system, the PA’s error rate and

incompliance rate as per chapter 8.5.2 of Guideline no. 2 should be considered.

If the reservation made does not fully meet the requirements of Guideline 4, has this been

disclosed in a separate document attached to the MD as per point 6 of that Guideline?

If reservations have not been made by management:

Has the CB's audit work on one or more of the audit populations produced results

indicating that the Director should have made a reservation (e.g. that there is material

error in the population(s) tested)?

In the view of the CB, should any reservations be made?

36 e.g. controls carried out and/or re-performed by the internal audit service of the PA.

122

2. THE CERTIFICATION BODY'S OPINION ON THE MANAGEMENT DECLARATION

The example presented in the introduction to this section of the Guideline reflects an

"unqualified" audit opinion for both funds. The examples that follow reflect potential

modifications of the opinion section, and, depending of the particular circumstances, to the

section dealing with the "Responsibility of the Certification Body".

A set of possible opinions is presented in the Annex hereinafter as follows:

- 2.1.1.1 Example of a negative assurance on the MD;

- 2.1.1.3 Example of an opinion on the MD in case of detected differences;

- 2.1.1.4 Example of an opinion on the MD in case of inability to obtain sufficient appropriate

evidence;

- 2.1.1.5 Example of a disclaimer of opinion on the MD; [This opinion could possibly be linked to

results of the incompliance rate presented in section 8.5.2 of Guideline 2. The risk is not

quantifiable.]

- 2.1.1.6- Example of an adverse opinion on the MD [This opinion could possibly be linked to

results of the incompliance rate presented in section 8.5.2 of Guideline 2.The risk is material]

123

Examples of audit opinions to be issued by the Certification Body

Example of an audit opinion– Unqualified (both Funds) for the annual accounts,

the ICS and the legality and regularity of expenditure, as well as and for the

Management declaration

OPINION OF THE CERTIFICATION BODY TO THE [NAME OF PAYING AGENCY]

We have audited the annual accounts of the [name and address of Paying Agency] related to EAGF (final

total net expenditure: EUR xxx) and/or EAFRD (final total net expenditure: EUR xxx) expenditure for the

20xx EAGF/EAFRD financial year and assessed the internal control procedures operated by the Agency.

As required by article 9(1) or Regulation (EU) No 1306/2013 of the European Parliament and of the

Council, we have also considered whether our examination puts in doubt the assertions made in the

Management Declaration of the Director of [Paying Agency] for the financial year 16/10/xxxx to

15/10/xxxx+1.



Management is responsible for the preparation and fair presentation of the annual accounts in accordance

with Articles 29, 30 and 31 of Commission Implementing Regulation (EU) No 908/2014. This

responsibility includes designing, implementing and maintaining internal control relevant to the

preparation and fair presentation of annual accounts that are free from material misstatement, whether due

to fraud or error.


Management Declaration in accordance with Article 3 of Commission Implementing Regulation (EU) No

908/2014. This responsibility includes an assessment as to the truth, completeness and accuracy of the

annual accounts submitted to the Commission, and an assessment as to whether the control system

established by Paying Agency management provides reasonable assurance as to the legality and regularity

of underlying transactions. The Director of the Paying Agency should base his/her assessment upon all

information at his/her disposal, including the work of the internal audit service.


Our responsibility, acting as Certification Body, is to express an opinion on the annual accounts. We

conducted our audit in accordance with Article 6 of Commission Implementing Regulation (EU) No

908/2014 and …………..[State which Auditing Standards have been applied]. These standards require that

we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance

whether the annual accounts transmitted to the Commission are free from material misstatement.

The audit included an examination, on a test basis, of evidence supporting the information in the annual

accounts, and an examination of procedures and of a sample of transactions to obtain audit evidence about

the amounts and disclosures in the annual accounts. Our responsibility under Article 5(3) of Commission

Implementing Regulation (EU) No 908/2014 extends to providing an opinion on the internal controls; our

conclusion is based on the results of our assessment of the Paying Agency's compliance with the

accreditation criteria as set out in Annex I of Commission Delegated Regulation (EU) No 907/2014. It is

not our responsibility to conclude on whether all possible controls are present in the system.


assertions made in the management declaration and whether the Management declaration complies with

Article 3 of Commission Implementing Regulation (EU) No 908/2014 and Guideline 4 on the Management

Declaration .

We read all the financial and non-financial information in the Management Declaration and its annexes to

identify whether the Management Declaration is consistent with the results of our examination. This

includes our evaluation of whether those results suggest a need for reservations to be made. If we become

aware of any apparent material misstatements or inconsistencies we consider the implications for our

report.

[If applicable] In accordance with Article 41 of Commission Implementing Regulation (EU) No 908/2014

the error rates of the concerned population need to be certified for the purpose of reduction of control rates

in subsequent claim years.

124


Opinion– [UNQUALIFIED (both Funds)]

In our opinion:

The accounts to be transmitted to the Commission for the 20xx EAGF and EAFRD financial year ended

DD/MM/YYYY are true, complete and accurate in all material respects as regards the total net

expenditure charged to the EAGF and EAFRD; and

Based on our work to review the Paying Agency's compliance with the accreditation criteria, the

internal control procedures of the Paying Agency have operated satisfactorily as regards both the EAGF

and EAFRD.

The expenditure for which reimbursement has been requested from the Commission for both EAGF and

EAFRD is legal and regular in all material respects.


Based on our examination, nothing has come to our attention that causes us to:

Puts into doubt the assertions made in the Management declaration for the financial year 16/10/xx

to 15/10/xx+1;

Believe that the Management declaration does not comply with the legal framework.


In accordance with Article 41 of Commission Implementing Regulation (EU) No 908/2014 we confirm

that the error rate for BPS/SAPS and/or measures………. for the claim year 20XX as reported in the

control statistics of the Paying Agency is below the materiality threshold of 2,0 %.

Our audit work was finalised on DD/MM/YYYY. The conclusions relate to the situation as of that date. A

report on our findings is delivered at the same date as the date of this opinion.

[Date of issue of opinion]

[Auditor’s signature, name and position]

[Name and address of Certification Body]

125

Example of an audit opinion– Unqualified with emphasis of matter (both Funds) for

the annual accounts and unqualified for the management declaration








15/10/xxxx+1.







to fraud or error.
























Declaration .





report.





Opinion –[ UNQUALIFIED WITH EMPHASIS OF MATTER (both Funds)on the annual accounts]

126

In our opinion:



expenditure charged to the EAGF and EAFRD; and



and EAFRD.



[Without qualifying our opinion on the annual accounts above, we draw attention to Sections XX and XX of

the report. Significant delays by the Paying Agency in booking recovered amounts have led to overstatements

of year-end balances according to the Annex II tables by 5,5% (€xxx) for EAGF and 4.2% (€xxx) for EAFRD.

However, these overstatements are immaterial at the overall level of the Funds.]


Based on our examination, nothing has come to our attention that causes us to:

puts into doubt the assertions made in the Management declaration for the financial year 16/10/xx

to 15/10/xx+1 ;

believe that the Management declaration does not comply with the legal framework.



that the error rate for BPS/SAPS and/or measures…………….. for the claim year 20XX as reported in the







127

Example of an audit opinion – Unqualified for EAGF, Qualified – Detected

Differences for EARFD and qualified for the Management declaration- detected

differences








15/10/xxxx+1.







to fraud or error.
























Declaration .





report.





128

Basis for the Qualified Opinion on EAFRD on the annual accounts

[For the EAFRD, differences were detected between the annual accounts and the books and records of the

Paying Agency e.g. for the following budget posts (reference: audit report page P):

(EC budget sub-item Difference (+/-) in national currency) ]

Opinion:

1. EAGF: UNQUALIFIED

Wording as per example A.

2. EAFRD: QUALIFIED - DETECTED DIFFERENCES on the annual accounts

In our opinion, except for the differences described above:

The accounts to be transmitted to the Commission for the 20xx EAFRD financial year ended

DD/MM/YYYY are true, complete and accurate in all material respects as regards total net expenditure

charged to the EAFRD; and


internal control procedures of the Paying Agency have operated satisfactorily as regards the EAFRD.

The expenditure for which reimbursement has been requested from the Commission for EAFRD is

legal and regular in all material respects.

Basis for the Qualified Opinion on the Management Declaration

[……………….]

Opinion on the Management Declaration- {Qualified]

Based on our examination, except for the effects of the matter described in the Basis for Qualified Opinion

paragraph, nothing has come to our attention that causes us to:

puts into doubt the assertions made in the Management declaration for the financial year 16/10/xx

to 15/10/xx+1 ;

believe that the Management declaration does not comply with the legal framework.



that the error rate for BPS/SAPS and/or measures………………. for the claim year 20XX as reported in

the control statistics of the Paying Agency is below the materiality threshold of 2,0 %.






129

Example of an audit opinion– Unqualified for EAFRD, Qualified – Limitation of

Scope for EAGF on legality and regularity, qualified for the Management

declaration- inability to obtain sufficient appropriate evidence








15/10/xxxx+1.







to fraud or error.
























Declaration .





report.





130

Basis for the qualified opinion on EAGF on legality and regularity

As regards the EAGF, we did not observe… (reference: audit report page P).

Opinion

1. EAGF: QUALIFIED - LIMITATION ON SCOPE on legality and regularity

In our opinion, except for the effects of such adjustments, if any, as might have been determined to be

necessary had we been able to satisfy ourselves as to…..:

The accounts to be transmitted to the Commission for the 20xx EAGF financial year ended DD/MM/YYYY

are true, complete and accurate in all material respects as regards total net expenditure charged to the

EAGF; and


internal control procedures of the Paying Agency have operated satisfactorily as regards the EAGF.

The expenditure for which reimbursement has been requested from the Commission for EAGF is legal

and regular in all material respects.

2. EAFRD: UNQUALIFIED

Wording as per example A

Basis for the Qualified Opinion on the Management Declaration

[……………….]

Opinion on the Management Declaration-[ Qualified]

Based on our examination except for the possible effects of the matter described in the Basis for Qualified

Opinion paragraph, nothing has come to our attention that causes us to:


to 15/10/xx+1;

Believe that the Management declaration does not comply with the legal framework.



that the error rate for BPS/SAPS and/or measures………….. for the claim year 20XX as reported in the







131

Example of an audit opinion – Unqualified for EAFRD, Disclaimer of Opinion –

Limitation of Scope for EAGF on the annual accounts and disclaimer of opinion for

the Management declaration








15/10/xxxx+1.







to fraud or error.














[…]

[The following paragraphs discussing the scope of the audit could either be omitted or amended

according to the circumstances: The audit included an examination, on a test basis, of evidence supporting

the information in the annual accounts, and an examination of procedures and of a sample of transactions

to obtain audit evidence about the amounts and disclosures in the annual accounts. Our responsibility under

Article 5(3) of Commission Implementing Regulation (EU) No 908/2014 extends to providing an opinion

on the internal controls; our conclusion is based on the results of our assessment of the Paying Agency's

compliance with the accreditation criteria as set out in Annex I of Commission Delegated Regulation (EU)

No 907/2014. It is not our responsibility to conclude on whether all possible controls are present in the

system.]




Declaration .

[The following paragraphs discussing the scope of the audit could either be omitted or amended according

to the circumstances: We read all the financial and non-financial information in the Management

Declaration and its annexes to identify whether the Management Declaration is consistent with the results

of our examination. This includes our evaluation of whether those results suggest a need for reservations

to be made. If we become aware of any apparent material misstatements or inconsistencies we consider the

implications for our report.]

132





Basis for Disclaimer of Opinion on the Annual accounts for EAGF

[Add a paragraph discussing the scope limitation – the examples assume these matters affect the EAGF]:

E.g. We were not able to examine procedures for accounting due to limitations placed on the scope of our

work by the Paying Agency. Explain in detail]

Opinion

1. EAGF: DISCLAIMER OF OPINION - LIMITATIONS ON SCOPE on the annual accounts

Because of the significance of the matters discussed above, we do not express an opinion:

Whether the accounts to be transmitted to the Commission for the 20xx EAGF financial year ended

DD/MM/YYYY are true, complete and accurate in all material respects as regards total net expenditure

charged to the EAGF;

2. EAGF and EAFRD: UNQUALIFIED

In our opinion:

The accounts to be transmitted to the Commission for the 20xx EAFRD financial year ended


expenditure charged to the EAFRD; and



and EAFRD.



Basis for Disclaimer of Opinion on the Management Declaration

[……………….]

Disclaimer of Opinion on the Management declaration

[The paragraph could be changed to exclude from the disclaimer if necessary one of the bullet points]

Due to the significance of the matters described in the Basis for Disclaimer of Opinion paragraph, we were

unable to obtain sufficient appropriate evidence to form an opinion on:

the assertions made in the Management Declaration for the financial year 16/10/xx to 15/10/xx+1;

the compliance of the Management Declaration with the legal framework.






133

Example of an audit opinion – Unqualified for EAGF, Adverse Opinion for EAFRD on

legality and regularity, adverse for the management declaration








15/10/xxxx+1.







to fraud or error.
























Declaration .





report.





134

Basis for Adverse Opinion on EAFRD for legality and regularity

[(Paragraph(s) discussing the disagreement

E.g.: [We were not able to confirm the representativeness of the random on-the-spot check sample of the

Paying Agency for FY20YY (reference: audit report page xxx). Explain in detail]

Opinion

1. EAGF and EAFRD: UNQUALIFIED

In our opinion:



expenditure charged to the EAGF and the EAFRD; and



and EAFRD.

The expenditure for which reimbursement has been requested from the Commission for EAGF is legal

and regular in all material respects..

2. EAFRD: ADVERSE OPINION ON LEGALITY AND REGUALITY OF EXPENDITURE

In our opinion, because of the effects of the matters described above:

The expenditure for which reimbursement has been requested from the Commission for EAFRD is not

legal and regular in all material respects.

Basis for Adverse Opinion on the Management declaration

[……………….]

Adverse Opinion on the Management Declaration

]The paragraph could be changed to exclude from the adverse opinion if necessary one of the bullet

points]

Our examination, due to the significance of the matter discussed in the Basis for Adverse Opinion

paragraph,


to 15/10/xx+1;

Causes us to believe that the Management declaration does not comply with the legal framework.



that the error rate for BPS/SAPS for the claim year 20XX as reported in the control statistics of the Paying

Agency is below the materiality threshold of 2,0 %.

Our audit was finalised on DD/MM/YYYY. The conclusions relate to the situation as of that date. A report on

our findings is delivered at the same date as the date of this opinion.




135

SECTION D – ANNEXES

(All the relevant annexes must be also submitted electronically in the appropriate

format, e.g.: excel)

Annex 1: Glossary of Abbreviations

Annex 2: Internal and external audit evidence

Annex 3: Sample reviewed in substantive testing – audit objective 1 – EAGF

Annex 4: Incompliance Rate – EAGF IACS[example provided] – audit objective 2

Annex 5: Incompliance Rate – EAGF Non IACS– audit objective 2

Annex 6: Reconciliation of gross amount of tested expenditure to the Annual

Declaration

Annex 7: Sample reviewed in substantive testing – non-statistical sample [specify the

population tested] [as per annex 3]

Annex 8: Evaluation of Errors – Debtors – EAGF [example provided]

Annex 9: Sample reviewed in testing – EAGF Annex II Tables [example provided]

Annex 10: Sample reviewed in testing – EAGF Annex III Tables [as per annex 9]

Annex 11: Sample reviewed in substantive testing – EAGF Advances and Securities

Annex 12: List of files reviewed in compliance testing - EAGF

Annex 13: Sample reviewed in substantive testing – audit objective 1 – EAFRD

Annex 14: Incompliance Rate – EAFRD IACS[example provided] – audit objective 2

Annex 15: Incompliance Rate – EAFRD Non IACS– audit objective 2

Annex 16: Reconciliation of gross amount of tested expenditure to the Annual

Declaration

Annex 17: Evaluation of error – Debtors – EAFRD [as per annex 8]

Annex 18: Sample reviewed in substantive testing – non-statistical sample [as per annex

3]

Annex 19: Sample reviewed in testing – EAFRD Annex II Tables [as per annex 9]

Annex 20: Sample reviewed in testing – EAFRD Annex III Tables [as per annex 9]

Annex 21: Sample reviewed in substantive testing – EAFRD Advances and Securities

136

END

Electronically signed on 13/10/2017 14:38 (UTC+02) in accordance with article 4.2 (Validity of electronic documents) of Commission Decision 2004/563

GUIDELINE NO 3 GUIDELINES FOR THE CERTIFICATION AUDIT OF ... · set-up of the PA may be identical...

Documents

Transcript of GUIDELINE NO 3 GUIDELINES FOR THE CERTIFICATION AUDIT OF ... · set-up of the PA may be identical...